Information processing system, information communication terminal and method, information processing apparatus and method, recording medium, and program for internet transaction

ABSTRACT

An information processing system, information communication terminal and method, information processing apparatus and method, recording medium, and program capable of enabling safer electronic commercial transactions. A point-of-purchase server generates purchasing information using a card Identification number allotted to a non-contact IC-card of a mobile telephone. A point-of-receipt server acquires this purchasing information and confirms the card identification number allotted to the non-contact IC card of the mobile telephone and a purchasing card identification number. The authentication server calculates user trustworthiness and store trustworthiness based on temporary commercial transaction information stored in the non-contact IC card of the mobile telephone. The calculated user trustworthiness and store trustworthiness is then reference by the mobile telephone and point-of-purchase server in the next commercial transaction.

TECHNICAL FIELD

The present invention relates to an information processing system,information communication terminal and method, information processingapparatus and method, recording medium, and program, and particularlyrelates to an information processing system, information communicationterminal and method, information processing apparatus and method,recording medium, and program capable of enabling safer electroniccommercial transactions in a straightforward manner.

BACKGROUND ART

In the related art, when operations relating to commercial transactionssuch as ordering merchandise, paying a charge, or receiving a product,etc., differ with respect to time and position, such as, for example, incases of a purchaser making a reservation in advance in order topurchase merchandise, or in cases where a purchaser receives merchandisepurchased by an electronic commercial transaction via the Internet at ashop such as their nearest convenience store, the shop assistant in theshop that is handing over the merchandise asks the purchaser to disclosepersonal information such as their name, address, and telephone numberetc. in order to confirm whether or not the person coming to the shop isthe purchaser of the merchandise. Alternatively, by distributingprescribed reservation tokens and exchange tokens to purchasersbeforehand on the sales side, the shop assistant handing over themerchandise can confirm whether or not the customer coming to the shopis the purchaser to whom the merchandise is to be handed over to bypresenting the distributed reservation tokens and exchange tokens tocustomers.

However, in the case described above, it is necessary for the purchaserof the merchandise to provide their personal information. In particular,in cases where the provided personal information is saved on a computerin a shop, there is the fear the information provided may bemisappropriated for other uses or may be disclosed.

Further, in cases where prescribed reservation tokens and exchangetokens are distributed in advance at places selling the merchandise,there is the fear that the reservation tokens and exchange tokens may befraudulently made or may be copied.

DISCLOSURE OF INVENTION

The present invention has been conceived in order to take this situationinto consideration and is aimed at setting out to enable saferelectronic commercial transactions to be carried out in astraightforward manner.

An information processing system of the present invention ischaracterized by an information communication terminal connected to anetwork, for holding information relating to a commercial transactionand an information processing apparatus connected to the network, formanaging information relating to the commercial transaction, wherein theinformation communication terminal comprises first acquiring means foracquiring information relating to the commercial transaction from theinformation processing apparatus during merchandise purchasing, firststorage means for storing information relating to the commercialtransaction acquired by the first acquiring means, and first providingmeans for providing information relating to the commercial transactionstored by the first storage means to the information processingapparatus during receipt of merchandise, wherein the informationprocessing apparatus comprises second providing means for providinginformation relating to the commercial transaction to the informationcommunication terminal during merchandise sales, second storage meansfor storing information relating to the commercial transaction, secondacquiring means for acquiring information relating to the commercialtransaction from the information communication terminal duringmerchandise delivery, and authentication means for authenticatinginformation relating to said commercial transaction acquired by thesecond acquiring means using information relating to the commercialtransaction stored by the second storage means.

A second information processing system of the present invention ischaracterized by an information communication terminal connected to anetwork, for holding information relating to a commercial transaction, afirst information processing apparatus connected to the network, formanaging information relating to the commercial transaction, and asecond information processing apparatus connected to the network, formanaging information relating to trustworthiness of a first userconstituting a user of the information communication terminal andinformation relating to trustworthiness of a second user constituting auser of the first information processing apparatus, wherein theinformation communication terminal comprises first storage means forstoring information relating to trustworthiness of the first user, firstproviding means for providing information relating to trustworthiness ofthe first user stored by the first storage means to the firstinformation processing apparatus, first acquiring means for acquiringinformation relating to trustworthiness of the second user from thesecond information processing apparatus, second acquiring means foracquiring information relating to the commercial transaction from thefirst information processing apparatus, first providing means forproviding trustworthiness of the first user stored by the first storagemeans and information relating to the commercial transaction acquired bythe second acquiring means to the second information processingapparatus, and third acquiring means for acquiring information relatingto trustworthiness of the first user updated by the second informationprocessing apparatus, wherein the first information processing apparatuscomprises fourth acquiring means for acquiring information relating totrustworthiness of the first user from the information communicationterminal, and second providing means for providing information relatingto the commercial transaction to the information communication terminal,and the second information processing apparatus comprises second storagemeans for storing information relating to trustworthiness of the seconduser, second providing means for providing information relating totrustworthiness of the second user stored by the second storage means tothe information communication terminal, fifth acquiring means foracquiring information relating to the first user from the informationcommunication terminal and information relating to the commercialtransaction, updating means for updating information relating to thefirst user acquired by the fifth acquiring means and informationrelating to trustworthiness of the second user stored by the secondstorage means based on information relating to the commercialtransaction acquired by the fifth acquiring means, and third providingmeans for providing the information relating to trustworthiness of thefirst user updated by the updating means to the informationcommunication terminal.

An information communication terminal of the present invention ischaracterized by first acquiring means for acquiring informationrelating to a commercial transaction employed in user authenticationfrom the first information processing apparatus during merchandisepurchasing, storage means for storing information relating to thecommercial transaction acquired by the first acquiring means, and firstproviding means for providing the information relating to the commercialtransaction stored by the storage means to the first informationprocessing apparatus during receipt of merchandise.

The information communication device is further characterized bywireless communication means for carrying out short-range wirelesscommunication via electromagnetic radiation with the first informationprocessing apparatus in close proximity. The first providing means isthen capable of providing information relating to the commercialtransaction to the first information processing apparatus usingshort-range wireless communication by the wireless communication means.

The aforementioned storage means stores an identification numberidentifying the information communication terminal, and the firstproviding means is capable of providing the identification number storedby the storage means to the first information processing apparatustogether with information relating to the commercial transaction duringreceipt of merchandise.

Information relating to the commercial transaction is made to contain afirst identifier for identifying the commercial transaction, a secondidentifier for identifying whether or not payment of fees is completefor the commercial transaction, and the identification number of theinformation communication terminal used in the commercial transaction.

It is also possible to further provide second acquiring means foracquiring key information required to edit information relating to theaforementioned commercial transaction, and deleting means for deletinginformation relating to the commercial transaction stored by the storagemeans using the key information acquired by the second acquiring means.

It is also possible for the aforementioned storage means to storeinformation relating to trustworthiness of the user decided based onresults of commercial transactions of the user up to this point, and tofurther provide providing means for providing information relating totrustworthiness of the user stored by the storage means to the firstinformation processing apparatus during receipt of the merchandise.

Second acquiring means for acquiring key information required to editinformation relating to trustworthiness of the aforementioned user mayalso be provided, and the storage means may store information relatingto trustworthiness of the user using the key information acquired by thesecond acquiring means.

It is also possible to provide password input means for inputting apassword permitting providing of information relating to trustworthinessof the user, and authentication means for authenticating the passwordinputted by the password input means. The providing means then providesinformation relating to trustworthiness of the user when the password isauthenticated by authentication by the authentication means.

Second acquiring means for acquiring information relating totrustworthiness of a commercial transaction target of the commercialtransaction constituted by the user of the aforementioned firstinformation processing apparatus from a second information processingapparatus separate from the first information processing apparatus, anddisplay means for displaying information relating to trustworthiness ofthe commercial transaction target acquired by the second acquiring meansmay also be provided.

Third acquiring means for acquiring information relating to the firstinformation processing apparatus from the first information processingmeans in order to decide trustworthiness of the commercial transactiontarget of the commercial transaction and second providing means forproviding information relating to the first information processingapparatus acquired by the third acquiring means to the secondinformation processing apparatus may also be provided. The storage meansthen further stores information relating to the first informationprocessing apparatus acquired by the third acquiring means.

Fourth acquiring means for acquiring key information required to editinformation relating to the aforementioned first information processingapparatus, and deleting means for deleting information relating to thefirst information processing apparatus stored by the storage means usingthe key information acquired by the fourth acquiring means may also beprovided.

An information communication method of the present invention may also becharacterized by an acquisition control step of controlling acquiring ofinformation relating to a commercial transaction used in authenticationof a user provided by the information processing apparatus duringmerchandise purchasing, a storage control step of controllinginformation relating to the commercial transaction where acquisition iscontrolled by processing of the acquisition control step, and a firstproviding control step of controlling providing of information relatingto the commercial transaction with storage controlled by processing ofthe storage control step to the information processing apparatus whenreceiving merchandise.

A first recording medium program of the present invention may also becharacterized by an acquisition control step of controlling acquiring ofinformation relating to a commercial transaction used in authenticationof a user provided by the information processing apparatus duringmerchandise purchasing, a storage control step of controllinginformation relating to the commercial transaction where acquisition iscontrolled by processing of the acquisition control step, and a firstproviding control step of controlling providing of information relatingto the commercial transaction with storage controlled by processing ofthe storage control step to the information processing apparatus whenreceiving merchandise.

A first program of the present invention may also be characterized byimplementing an acquisition control step of controlling acquiring ofinformation relating to a commercial transaction used in authenticationof a user provided by the information processing apparatus duringmerchandise purchasing, a storage control step of controllinginformation relating to the commercial transaction where acquisition iscontrolled by processing of the acquisition control step, and a firstproviding control step of controlling providing of information relatingto the commercial transaction with storage controlled by processing ofthe storage control step to the information processing apparatus whenreceiving merchandise on a computer.

A first information processing apparatus of the present invention may becharacterized by first acquiring means for acquiring informationrelating to trustworthiness of a target of the commercial transactionfrom a communication terminal of the commercial transaction target ofthe commercial transaction, generating means for generating informationrelating to the commercial transaction during merchandise sales, firstproviding means for providing information relating to the commercialtransaction generated by the generating means to the informationcommunication terminal, storage means for storing information relatingto the commercial transaction generated by the generating means, secondacquiring means for acquiring information relating to the commercialtransaction from the information communication terminal duringmerchandise delivery, authentication means for authenticatinginformation relating to the commercial transaction acquired by thesecond acquiring means using information relating to the commercialtransaction stored by the storage means, and second providing means forproviding information relating to the information processing apparatusfor generating information relating to user trustworthiness to theinformation communication terminal authenticated by the authenticationmeans.

A first information processing method of the present invention may becharacterized by a first acquisition control step of controlling theacquisition of information relating to trustworthiness of a target ofthe commercial transaction provided by a communication terminal of thecommercial transaction target of the commercial transaction, agenerating step for generating information relating to the commercialtransaction during merchandise sales, a first providing control step forcontrolling providing of information relating to the commercialtransaction generated by the generating step process to the informationcommunication terminal, a storage control step for controlling storageof information relating to the commercial transaction generated by thegenerating step process, a second acquisition control step forcontrolling acquisition of information relating to the commercialtransaction provided by the information communication terminal duringmerchandise delivery, an authentication step for authenticatinginformation relating to the commercial transaction having acquisitionthereof controlled by the second acquisition control step usinginformation relating to the commercial transaction having storagethereof controlled by the storage control step process, and a firstproviding control step for controlling providing of information relatingto the information processing apparatus for generating informationrelating to user trustworthiness to the information communicationterminal authenticated by the authentication step processing.

A second recording medium program of the present invention may becharacterized by a first acquisition control step of controlling theacquisition of information relating to trustworthiness of a target ofthe commercial transaction provided by a communication terminal of thecommercial transaction target of the commercial transaction, agenerating step for generating information relating to the commercialtransaction during merchandise sales, a first providing control step forcontrolling providing of information relating to the commercialtransaction generated by the generating step process to the informationcommunication terminal, a storage control step for controlling storageof information relating to the commercial transaction generated by thegenerating step process, a second acquisition control step forcontrolling acquisition of information relating to the commercialtransaction provided by the information communication terminal duringmerchandise delivery, an authentication step for authenticatinginformation relating to the commercial transaction having acquisitionthereof controlled by the second acquisition control step usinginformation relating to the commercial transaction having storagethereof controlled by the storage control step process, and a firstproviding control step for controlling providing of information relatingto the information processing apparatus for generating informationrelating to user trustworthiness to the information communicationterminal authenticated by the authentication step processing.

A second program of the present invention may be characterized byimplementing a first acquisition control step of controlling theacquisition of information relating to trustworthiness of a target ofthe commercial transaction provided by a communication terminal of thecommercial transaction target of the commercial transaction, agenerating step for generating information relating to the commercialtransaction during merchandise sales, a first providing control step forcontrolling providing of information relating to the commercialtransaction generated by the generating step process to the informationcommunication terminal, a storage control step for controlling storageof information relating to the commercial transaction generated by thegenerating step process, a second acquisition control step forcontrolling acquisition of information relating to the commercialtransaction provided by the information communication terminal duringmerchandise delivery, an authentication step for authenticatinginformation relating to the commercial transaction having acquisitionthereof controlled by the second acquisition control step usinginformation relating to the commercial transaction having storagethereof controlled by the storage control step process, and a firstproviding control step for controlling providing of information relatingto the information processing apparatus for generating informationrelating to user trustworthiness to the information communicationterminal authenticated by the authentication step processing on acomputer.

A second information processing apparatus of the present invention ischaracterized by storage means for storing information relating totrustworthiness of the second user, providing means for providinginformation relating to trustworthiness of the second user stored by thestorage means to the information communication terminal, acquiring meansfor acquiring information relating to the first user from theinformation communication terminal and information relating to acommercial transaction, updating means for updating information relatingto the first user acquired by the acquiring means and informationrelating to trustworthiness of the second user stored by the storagemeans based on information relating to the commercial transactionacquired by the acquiring means, and providing means for providinginformation relating to trustworthiness of the first user updated by theupdating means to the information communication terminal.

A second information processing method of the present invention ischaracterized by a storage control step of controlling storage ofinformation relating to trustworthiness of the second user, a provisioncontrol step of controlling providing of information relating totrustworthiness of the second user, the storage thereof being controlledby processing of the storage control step, to the informationcommunication terminal, an acquisition control step of controllingacquisition of information relating to the first user provided by theinformation communication terminal and information relating to acommercial transaction, an updating step for updating informationrelating to trustworthiness of the first user with the acquisitionthereof controlled by the processing of the acquisition control step andinformation relating to trustworthiness of the second user with thestorage thereof controlled by the processing of the storage control stepbased on information relating to the commercial transaction withacquisition thereof controlled by processing of the acquisition controlstep, and a provision control step of controlling providing ofinformation relating to trustworthiness of the first user updated byprocessing of the updating step, to the information communicationterminal.

A third recording medium program of the present invention ischaracterized by a storage control step of controlling storage ofinformation relating to trustworthiness of the second user, a provisioncontrol step of controlling providing of information relating totrustworthiness of the second user, the storage thereof being controlledby processing of the storage control step, to the informationcommunication terminal, an acquisition control step of controllingacquisition of information relating to the first user provided by theinformation communication terminal and information relating to acommercial transaction, an updating step for updating informationrelating to trustworthiness of the first user with the acquisitionthereof controlled by the processing of the acquisition control step andinformation relating to trustworthiness of the second user with thestorage thereof controlled by the processing of the storage control stepbased on information relating to the commercial transaction withacquisition thereof controlled by processing of the acquisition controlstep, and a provision control step of controlling providing ofinformation relating to trustworthiness of the first user updated byprocessing of the updating step, to the information communicationterminal.

A third recording program of the present invention is characterized byimplementing a storage control step of controlling storage ofinformation relating to trustworthiness of the second user, a provisioncontrol step of controlling providing of information relating totrustworthiness of the second user, the storage thereof being controlledby processing of the storage control step, to the informationcommunication terminal, an acquisition control step of controllingacquisition of information relating to the first user provided by theinformation communication terminal and information relating to acommercial transaction, an updating step for updating informationrelating to trustworthiness of the first user with the acquisitionthereof controlled by the processing of the acquisition control step andinformation relating to trustworthiness of the second user with thestorage thereof controlled by the processing of the storage control stepbased on information relating to the commercial transaction withacquisition thereof controlled by processing of the acquisition controlstep, and a provision control step of controlling providing ofinformation relating to trustworthiness of the first user updated byprocessing of the updating step, to the information communicationterminal on a computer.

The first information processing system of the present invention isprovided with an information communication terminal connected to anetwork, for holding information relating to a commercial transactionand an information processing apparatus connected to the network, formanaging information relating to the commercial transaction. At theinformation communication terminal, information relating to thecommercial transaction is acquired from the information processingapparatus during merchandise purchasing. Acquired information relatingto the commercial transaction is then stored. Information relating tothe stored commercial transaction is then provided to the informationprocessing apparatus during receipt of the merchandise. At theinformation processing apparatus, information relating to the commercialtransaction is provided to the information communication terminal duringmerchandise sales and stored. Information relating to the commercialtransaction is then acquired from the information communication terminalduring merchandise delivery. Information relating to the acquiredcommercial transaction is then authenticated using information relatingto the stored commercial transaction.

A second information processing system of the present invention ischaracterized by: an information communication terminal connected to anetwork, for holding information relating to a commercial transaction; afirst information processing apparatus connected to said network, formanaging information relating to said commercial transaction; and asecond information processing apparatus connected to said network, formanaging information relating to trustworthiness of a first userconstituting a user of said information communication terminal andinformation relating to trustworthiness of a second user constituting auser of said first information processing apparatus. At the informationcommunication terminal, information relating to trustworthiness of thefirst user is stored, stored information relating to the trustworthinessof the first user is provided to the first information storage device,information relating to trustworthiness of the second user is acquiredfrom the second information processing apparatus, information relatingto a commercial transaction is acquired from the first informationprocessing apparatus, the stored trustworthiness of the first user andacquired information relating to the commercial transaction are providedto the second processing device, and information relating totrustworthiness of the first user updated by the second informationprocessing apparatus is acquired. At the first information processingapparatus, information relating to trustworthiness of the first user isacquired from the information communication terminal and informationrelating to the commercial transaction is provided to the informationcommunication terminal. At the second information processing apparatus,information relating to the trustworthiness of the second user isstored, stored information relating to the trustworthiness of the seconduser is provided to the information communication terminal, informationrelating to the trustworthiness of the first user from the informationcommunication terminal and information relating to the commercialtransaction is acquired, information relating to the trustworthiness ofthe first user and information relating to the trustworthiness of thesecond user is updated based on the acquired information relating to thecommercial transaction, and information relating to the updated firstuser trustworthiness is provided to the information communicationterminal.

With the information communication terminal and method, and firstprogram of the present invention, information relating to commercialtransactions used in authentication of a user is acquired from the firstinformation processing apparatus during merchandise purchasing, thisacquired information relating to commercial transactions is stored, andthe information relating to stored commercial transactions is providedto the first information processing apparatus when receivingmerchandise.

With the first information processing apparatus and method and thesecond program of the present invention, information relating totrustworthiness of a commercial transaction target is acquired from theinformation communication terminal of the communication target of thecommercial transaction, information relating to the commercialtransaction is generated during sale of the merchandise, this generatedinformation relating to the commercial transaction is provided to theinformation communication terminal and stored, information relating tothe commercial transaction is acquired from the informationcommunication terminal during handing over of the merchandise, theacquired information relating to the commercial transaction isauthenticated using information relating to the stored commercialtransaction, and information relating to the information processingapparatus for generating information relating to the trustworthiness ofthe user is provided to the authenticated information communicationterminal.

In the second information processing apparatus and method, and thirdprogram of the present invention, information relating to thetrustworthiness of the second user is stored, this stored informationrelating to the trustworthiness of the second user is provided to theinformation communication terminal, information relating to thetrustworthiness of the first user from the information communicationterminal and information relating to the commercial transaction isacquired, information relating to the trustworthiness of the first userand information relating to the trustworthiness of the second user isupdated based on this acquired information relating to the commercialtransaction, and this updated information relating to thetrustworthiness of the first user is provided to the informationcommunication terminal.

While it goes without saying that the information communicationterminal, first information processing apparatus, and second informationprocessing apparatus may be connected by wireless communication or bywired communication, it is also possible to have connection that is acombination of both wireless and wired communication, with wirelesscommunication being carried out at a certain section, and wiredcommunication being carried out at another section.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a view showing an example configuration for an electroniccommercial transaction system to which the present invention is applied.

FIG. 2 is a view showing an example configuration for the externalappearance of the mobile telephone of FIG. 1.

FIG. 3 is an enlarged view of part of that shown in FIG.

FIG. 4 is a block view showing an example configuration of the inside ofa mobile telephone.

FIG. 5 is a block view showing a detailed example of a configuration fora non-contact IC card of FIG. 4.

FIG. 6 is a view showing an example of a specification for thenon-contact IC card of FIG. 4.

FIG. 7 is a block view showing an example configuration of the inside ofthe point-of-purchase server of FIG. 1.

FIG. 8 is a block view showing an example configuration of the inside ofthe point-of-receipt server of FIG. 1.

FIG. 9 is a block view showing a detailed example of a configuration forthe IC card reader/writer of FIG. 8.

FIG. 10 is a block view showing an example configuration of the insideof the authentication server of FIG. 1.

FIG. 11A is a view showing an example of data held by the mobiletelephone of FIG. 1.

FIG. 11B is a view showing an example of data held by thepoint-of-purchase server of FIG. 1.

FIG. 11C is a view showing an example of data held by thepoint-of-receipt server of FIG. 1.

FIG. 11D is a view showing an example of data held by the authenticationserver of FIG. 1.

FIG. 12 is a view showing an example of a process flow relating to asale of merchandise.

FIG. 13 is a flowchart illustrating purchasing processing by a mobiletelephone.

FIG. 14 is a flowchart continuing on from the flowchart of FIG. 13illustrating purchasing processing by a mobile telephone.

FIG. 15 is a flowchart illustrating processing of store reliability inproviding information performed by the authentication server.

FIG. 16 is a flowchart illustrating sales processing performed by apoint-of-purchase server 21.

FIG. 17 is a flowchart continuing on from the flowchart of FIG. 16illustrating sales processing performed by a point-of-purchase server21.

FIG. 18 is a view illustrating the flow of processing relating tohanding over of merchandise.

FIG. 19 is a flowchart illustrating merchandise receipt processingcarried out by a mobile telephone.

FIG. 20 is a flowchart illustrating merchandise delivery processingcarried out by the point-of-receipt server.

FIG. 21 is a continuation of the flowchart of FIG. 20 and is a flowchartillustrating merchandise delivery processing carried out by thepoint-of-receipt server.

FIG. 22 is a flowchart illustrating processing for providing purchasinginformation performed by the point-of-purchase server.

FIG. 23 is a view illustrating an example mechanism for authenticationprocessing to which the present invention is applied.

FIG. 24 is a view showing an example of flow of processing forreflecting commercial transaction results in user trustworthiness andstore trustworthiness.

FIG. 25 is a flowchart illustrating trustworthiness operation processingcarried out by a mobile telephone.

FIG. 26 is a continuation of the flowchart in FIG. 25 and is a flowchartillustrating trustworthiness operation processing carried out by amobile telephone.

FIG. 27 is a flowchart illustrating trustworthiness operation processingcarried out by the authentication server.

FIG. 28 is a continuation of the flowchart in FIG. 27 and is a flowchartillustrating trustworthiness operation processing carried out by anauthentication server.

FIG. 29 is a view illustrating a further example mechanism forauthentication processing to which the present invention is applied.

FIG. 30 is a flowchart illustrating handover processing by a purchasingmobile telephone.

FIG. 31 is a flowchart continuing on from the flowchart of FIG. 30illustrating handover processing by a purchasing mobile telephone.

FIG. 32 is a flowchart illustrating handover processing performed by apoint-of-purchase server.

FIG. 33 is a flowchart continuing on from the flowchart of FIG. 32illustrating handover processing performed by a point-of-purchaseserver.

FIG. 34 is a flowchart illustrating handover processing by a purchasingmobile telephone.

FIG. 35A is a view showing a further example of data held by the mobiletelephone of FIG. 1.

FIG. 35B is a view showing another example of data held by thepoint-of-purchase server of FIG. 1.

FIG. 35C is a view showing a further example of data held by thepoint-of-receipt server of FIG. 1.

FIG. 35D is a view showing a still further example of data held by theauthentication server of FIG. 1.

FIG. 36 is a view showing another of a process flow relating to a saleof merchandise.

FIG. 37 is a flowchart illustrating purchasing processing by a mobiletelephone.

FIG. 38 is a flowchart continuing on from the flowchart of FIG. 37illustrating purchasing processing by a mobile telephone.

FIG. 39 is a flowchart continuing on from the flowchart of FIG. 38illustrating purchasing processing by a mobile telephone.

FIG. 40 is a flowchart illustrating sales processing performed by apoint-of-purchase server.

FIG. 41 is a flowchart continuing on from the flowchart of FIG. 40, andis a flowchart illustrating sales processing performed by apoint-of-purchase server.

FIG. 42 is a view showing another of a process flow relating to handingover of merchandise.

FIG. 43 is a flowchart illustrating merchandise receipt processingcarried out by a mobile telephone.

FIG. 44 is a flowchart illustrating merchandise delivery processingcarried out by the point-of-receipt server.

FIG. 45 is a flowchart illustrating processing for providing purchasinginformation performed by the point-of-purchase server.

FIG. 46 is a flowchart illustrating processing for updating storetrustworthiness in information providing performed by the authenticationserver.

FIG. 47 is a view illustrating an example of the flow of processingrelating to updating of user trustworthiness.

FIG. 48 is a flowchart illustrating trustworthiness operation processingcarried out by a mobile telephone.

FIG. 49 is a flowchart illustrating trustworthiness operation processingcarried out by the authentication server.

BEST MODE FOR CARRYING OUT THE INVENTION

FIG. 1 is a view showing an example configuration for an electroniccommercial transaction system to which the present invention is applied.

In FIG. 1, a mobile telephone 11 carries out wireless communication withand is connected to a nearest base station 12 so as to be connected to anetwork 10 to which the base station 12 is connected typified by, forexample, the Internet, etc. Further, a point-of-purchase server 21installed at a point-of-purchase 20 constituted by a store where a userof the mobile telephone 11 orders merchandise via the network 10, apoint-of-receipt server 31 installed at a point of receipt 30constituted by a store where the merchandise purchased by the user ofthe mobile telephone 11 is received, and an authentication server 41providing basic services installed at an authentication service provider40 for managing trustworthiness relating to commercial transactionsbetween the user of the mobile telephone 11 and the store 20 using thesebasic services are connected to the network 10.

The mobile telephone 11 is operated by the user so as to carry outwireless communication with the nearest base station 12, access thepoint-of-purchase server 21 via the network 10, and carry outmerchandise purchasing processing. The mobile telephone 11 is operatedby the user so as to access the authentication server 41 of theauthentication service provider 40, trustworthiness of thepoint-of-purchase 20 is acquired, and this is provided to the user toenable a determination to be made as to whether or not to purchase themerchandise (product).

The point-of-purchase server 21 the carries out sales processing for themerchandise requested by the mobile telephone 11, and charge processingis carried out with respect to the user of the mobile telephone 11.Purchase information for the requested merchandise is then provided tothe point-of-receipt server 31 of the point of receipt 30 performingdelivery of the merchandise.

The point-of-receipt server 31 compares information relating to thecommercial transaction acquired from the point-of-purchase server 21 viathe network 10 and information provided by the mobile telephone 11, anddetermines whether or not the user of the mobile telephone 11 is thelegitimate purchaser of the merchandise.

The enterprise managing the point-of-purchase 20 and the enterprisemanaging the point of receipt 30 may be the same enterprise or may beenterprises working in cooperation, with merchandise sold at thepoint-of-purchase 20 being received at the point of receipt 30.

The user of the mobile telephone 11 purchasing the merchandise at thepoint-of-purchase 20 then visits the point of receipt 30 in order toreceive the merchandise.

The authentication server 41 is installed at the authentication serviceprovider 40 for providing the basic services and manages information forusers of the mobile telephone 11 registered as users, for thepoint-of-purchase 20, and for the point of receipt 30.

FIG. 2 is a view showing an example configuration for the externalappearance of the mobile telephone 11 of FIG. 1.

As shown in FIG. 2, the mobile telephone 11 is constructed from adisplay unit 11A and main body 11B, capable of being folded up using acentral hinge 111.

The display unit 11A has an antenna 112 for transmitting and receivingsignals that is capable of being pulled out or stored provided at anupper part of a left end. The mobile telephone 11 transmits and receiveselectromagnetic waves to and from the base station 12 constituting afixed wireless terminal via the antenna 112.

Further, the display unit 11A has a camera unit 113 capable of beingfreely rotated through an angle of substantially 180 degrees at thecenter of an upper end. The mobile telephone 11 can then take picturesof desired subjects using a camera 114 consisting of a CCD (ChargeCoupled Device) or CMOS (Complementary Metal Oxide Semiconductor) etc.provided at the camera unit 113.

When the camera unit 113 is positioned by the user as a result ofrotation through substantially 180 degrees, as shown in FIG. 3, thedisplay unit 11A is such that a speaker 122 provided at substantiallythe center of the back of the camera unit 113 is positioned straightahead. As a result, the mobile telephone 11 is switched over to a usualaudio telephone call state.

Further, a liquid crystal display 115 is provided at the center of thedisplay 11A. In addition to an electromagnetic wave receiving state,remaining battery, recipients names and telephone numbers registered asa telephone book, and call history etc., the liquid crystal display 115displays the content of e-mails, simple homepages, and images takenusing the camera 114 of the camera unit 113, etc.

On the other hand, operation keys 116 such as numeric keys 0 to 9, acall key, a redial key, a call complete key, a power key, a clear keyand an e-mail key etc. are provided at the surface of the main body 11B.Each type of instruction corresponding to operation of the operationkeys 116 is inputted at the mobile telephone 11.

Further, a memo button 117 and microphone 118 are provided below theoperation keys 116 of the main body 11B. The mobile telephone 11 recordsspeech of a person being called during a call when the memo button 117is operated. The mobile telephone 11 picks-up speech of a user during acall using a microphone 118.

A freely rotatable jog dial 119 is provided above the operation keys 116of the main body 11B so as to project slightly from the surface of themain body 11B. The mobile telephone 11 executes various operations suchas scrolling through an address book or e-mails displayed at the liquidcrystal display 115, a page rolling operation for a simple homepage, oran operation of transmitting an image according to rotation of the jogdial 119.

For example, at the main body 11B, a desired telephone number isselected from a plurality of telephone numbers in a telephone book listdisplayed at the liquid crystal display 115 in response to rotation ofthe jog dial 119 by the user, with a selected telephone number beingfinalized and call processing being carried out with respect to thistelephone number when the jog dial 119 is pushed in a direction towithin the body 11B.

A battery pack (not shown) is installed at the back side of the body 11Bso that when a call end/power key is put on, electrical power issupplied to each circuit part from the battery pack so as to activate astate where operation is possible.

A memory stick slot 120 for installing a freely detachable memory stick(registered trademark) 121 is provided at an upper part of the left sideof the main body 11B. When the memo button 117 is pressed down, themobile telephone 11 records speech of the person being called in theinstalled memory stick 121. The mobile telephone 11 records e-mail,simple homepages and images taken using the camera 114 in the installedmemory stick 131 according to user operations.

The memory stick 121 is a kind of flash memory card developed by thecurrent applicant, Sony Corporation. This memory stick 121 is an itemstoring a type of EEPROM (Electrically Erasable and Programmable ReadOnly Memory) flash memory element constituted by non-volatile memorycapable of being rewritten and erased electrically within a small, thinplastic case and is capable of reading and writing various types of datasuch as images, speech, and music etc. via ten pin terminals.

Because the mobile telephone 11 is configured so as to be capable ofbeing installed with this kind of memory stick 121, it is possible toshare data with other electronic equipment via the memory stick 121.

It is possible to extend the functions of the mobile telephone 11 stillfurther by incorporating a module (chip) for extending prescribedfunctions into the memory stick 121 and installing this in the memorystick slot 120.

For example, as described in the following, by installing the memorystick 121 incorporating a non-contact IC (Integrated Circuit) card inthe mobile telephone 11, it is possible to extend the functions so as togive the same electronic commercial transaction functions as fornon-contact IC cards even when, for example, these modules are notbuilt-into the mobile telephone 11.

FIG. 4 shows an example configuration of the inside of the mobiletelephone 11.

A power supply circuit 135, operation input control unit 132, imageencoder 133, camera interface (I/F) unit 134, LCD control unit 136,multiple separator 138, modulator/demodulator circuit 139, audio codec140, infrared communication unit 145 and non-contact IC card 146 (inthis example, a dedicated non-contact IC card (Felica chip (registeredtrademark)) is provided but it is also possible to provide non-contactIC card functions in the memory stick 121) are connected to a maincontrol unit 131 for providing overall control of each part of thedisplay unit 11A and body 11B via a main bus 141, and the image encoder133, image decoder 137, multiple separator 138, a memory stickcontroller 143, the modulator/demodulator circuit 139, and the audiocodec 140 are connected via a synchronous bus 142.

When the call end/power key is put on by a user operation, the powersupply circuit 135 activates each part of the mobile telephone 11 to astate where operation is possible as a result of electrical power beingsupplied from the battery pack to each of the parts.

The main control unit 131 constituted by a CPU (Central ProcessingUnit), ROM (Read Only Memory) and RAM (Random Access Memory) etc.converts an audio signal collected by the microphone 118 into a digitalaudio signal using the audio codec 140 at the time of audio call mode.The digital audio data is subjected to spectrum diffusion processing bythe modulator/demodulator circuit 139, subjected to digital/analogconversion processing and frequency conversion processing by atransceiver circuit 144, and is transmitted via the antenna 112.

Further, at the time of audio call mode, a receive signal received bythe antenna 112 is amplified, subjected to frequency conversionprocessing and analog/digital conversion processing, subjected toinverse spectrum diffusion processing by the modulator/demodulatorcircuit 139, and converted to an analog audio signal by the audio codec140. Audio corresponding to an analog audio signal is then outputtedfrom the speaker 122.

Further, at the time of the data communication mode, in the case oftransmission of e-mail, text data inputted by operation of the operationkeys 116 and the jog dial 119 is provided to the main control unit 131via the operation input control unit 132.

The main control unit 131 then ensures that the text data is subjectedto spectrum diffusion processing by the modulator/demodulator circuit139, subjected to digital/analog conversion processing and frequencyconversion processing by a transceiver circuit 144, and is thentransmitted via the antenna 112 to the base station 12.

With regards to this, when e-mail is received at the time of datacommunication mode, the received signal received from the base station12 via the antenna 112 is subjected to inverse spectrum diffusionprocessing by the modulator/demodulator circuit 139, and after theoriginal text data has been restored, this is displayed as an e-mail atthe liquid crystal display 115 via an LCD (Liquid Crystal Display)control unit 136.

An e-mail received in response to a user operation can also be recordedin the memory stick 121 via the memory stick controller 143.

When image data is transmitted in data communication mode, image datataken using the camera 114 is provided to the image encoder 133 via thecamera interface unit 134.

In the case of the transmission of image data during the datacommunication mode, image data taken by the camera 114 can be directlydisplayed at the liquid crystal display 115 via the camera interfaceunit 134 and the LCD control unit 136.

The image encoder 133 converts image data provided by the camera 114into encoded image data using compression encoding employing prescribedencoding methods such as MPEG (Moving Picture Experts Group) 2 or MPEG4, etc. and sends this to the multiple separator 138.

At the same time as this, audio collected by the microphone 118 duringphotographing by the camera 114 is sent to the multiple separator 138 asdigital audio data via the audio codec 140.

The multiple separator 138 then multiplexes encoded image data providedby the image encoder 133 and audio data provided by the audio codec 140using a prescribed method. The multiplexed data obtained as a result issubjected to spectrum diffusion processing by the modulator/demodulatorcircuit 139, subjected to digital/analog conversion processing andfrequency conversion processing by a transceiver circuit 144, and istransmitted via the antenna 112.

With regards to this, at the time of data communication mode, when, forexample, data for a moving image file linked to at a simple homepageetc. is received, a signal received from a base station via the antenna112 is subjected to inverse spectrum diffusion processing by themodulator/demodulator circuit 139 and multiplexed data obtained as aresult is sent to the multiple separator 138.

The multiple separator 138 separates the multiplexed data into encodedimage data and audio data and provides the encoded image data to animage decoder 137 and provides audio data to the audio codec 140 via thesynchronous bus 142.

The image decoder 137 generates playback moving image data by decodingthe encoded image data using a decoding method corresponding to aprescribed encoding method such as MPEG 2 or MPEG 4 and provides this tothe liquid crystal display 115 via the LCD control unit 136. As aresult, for example, images for moving image data contained in movingimage files linked to at a simple homepage are displayed.

At the same time as this, after converting the audio signal to an analogaudio signal, the audio codec 140 supplies this audio signal to thespeaker 122. In this way, the mobile telephone 11, for example, playsback audio corresponding to audio data contained in the moving imagefile linked to at the simple homepage.

In this case also, as in the case of e-mail, it is possible to recorddata linked to at the received simple homepage etc. in the memory stick121 via the memory stick controller 143 using user operations.

The non-contact IC card 146 may then be brought close to anotherinformation processing apparatus having an IC card reader/writer so thatwhen electromagnetic waves radiated from the IC card reader/writer arereceived, various information is provided to the IC card reader/writerin response to this.

A drive 150 installed as necessary reads a program stored in a recordingmedium such as a magnetic disc 151 such as a floppy disc or hard discetc., an optical disc 152 such as a CD-ROM (Compact Disk Read OnlyMemory) or a DVD (Digital Versatile Disc) etc., a magneto-optical disc153 such as an MD (Mini Disk) (trademark) etc., or a semiconductormemory 154 and provides this program to RAM etc. of the main controlunit 131 via the main bus 141.

FIG. 5 is a block view showing a detailed example of a configuration forthe non-contact IC card 146.

The non-contact IC card 146 is comprised of, for example, an antenna(loop antenna) 170 and capacitor 171 shown in the drawing, and an ICstoring other aspects of the configuration on one chip. The non-contactIC card 146 then communicates various types of data with an IC cardreader/writer provided at another information processing apparatus in ahalf-duplex manner by utilizing electromagnetic induction, and does notby any means have to be card-shaped. Further, “IC card” is a name givenfor convenience of description, and is intended to mean functionsdescribed above or described in the following. Further, for example, aFelica chip (registered trademark) may also be given as a deviceproviding substantially the same functions as the non-contact IC card146.

A CPU 161 expands a control program stored in ROM 162 into RAM 163, andcontrols all of the operations of the non-contact IC card 146. Forexample, when electromagnetic waves radiated from the IC cardreader/writer provided at another information processing apparatus arereceived by an antenna 170, the CPU 161 notifies the IC cardreader/writer of a card identification number set at the non-contact ICcard 146 in response to this, and processing relating to receivingmerchandise is carried out.

An LC circuit configured from the antenna 170 and capacitor 171resonates with electromagnetic waves of a prescribed frequency radiatedfrom an IC card reader/writer provided at another information processingapparatus located in the vicinity. At an ASK (Amplitude Shift Keying)demodulator 183, an interface 169 demodulates a (ASK modulated wave)modulated wave received via the antenna 170 using envelope demodulation,and data for after demodulation is outputted to a BPSK (Binary PhaseShift Keying) demodulator 172.

At the interface 169, an alternating magnetic field excited at theantenna 170 is rectified by the ASK demodulator 183, and this isstabilized at a voltage regulator 181 and supplied to each part as adirect current power source. The electric power of electromagnetic wavesradiated from the IC card reader/writer is regulated to as to generatean electric field covering the required electric power at thenon-contact IC card as described in the following.

Further, an oscillation circuit 184 of the interface 169 has a PLL(Phase Locked Loop) circuit built-in so as to generate a clock signalthat is the same as the received clock frequency.

In the case of the interface 169 sending, for example, balanceinformation etc. to an IC card reader/writer provided on anotherinformation processing apparatus, for example, a prescribed switchingelement (not shown) is made to go on and off in a manner correspondingto data provided by a BPSK modulator 168, so as to cause the load of theantenna 170 to fluctuate by connecting a prescribed load in parallelwith the antenna 170 only when the switching element is on.

An ASK modulator 182 AKS-modulates a modulated wave from the IC cardreader/writer received at the antenna 170 by causing the load of theantenna 170 to fluctuate. This modulated component is then sent to theIC card reader/writer via the antenna 170 (the terminal voltage of theantenna of the IC card reader/writer is made to change) (load-switchingmethod).

When data demodulated by the ASK demodulator 183 is BPSK-modulated, thisdata is demodulated by the BPSK demodulator 172 (decoding of Manchestercode) based on a clock signal provided by a PLL circuit (not shown) anddemodulated data is outputted to a data receiver 173. The data receiver173 appropriately outputs the provided data to the CPU 161. The CPU 161stores this data in the RAM 163 or in an EEPROM 164.

Data stored in the EEPROM 164 is read-out by the CPU 161, and suppliedto a data transmission unit 167. The BPSK modulator 168 performs BPSKmodulation (encoding to Manchester code) on data supplied by the datatransmission unit 167 and outputs this to the ASK modulator 182.

An input/output interface 165 carries out interface processing with themain control unit 131.

Electronic money information is stored in the EEPROM 164. The user isthen able to settle fees for purchased products and services etc. byutilizing this electronic money. The settlement history is also storedin an EEPROM 164.

FIG. 6 is a view showing an example of a specification for thenon-contact IC card 146.

As described above, communication between the IC card reader/writer andthe non-contact IC card 146 is carried out by half-duplex, and thiscommunication speed is taken to be, for example, 211.875 kbps.

Further, as shown in FIG. 6, the center frequency of the frequency bandused in electric power transmission to the non-contact IC card 146 fromthe IC card reader/writer, and data transmission, and data transmissionto the IC card reader/writer from the non-contact IC card 146 is takento be, for example, 13.56 MHz.

Output of electromagnetic waves outputted from the IC card reader/writerin order to transmit electric power is, for example, 350 mW, and thecommunication distance is, for example, approximately 10 cm, althoughthis depends on aspects of the communication environment such as antennacharacteristics etc.

As described above, data transfer from the IC card reader/writer to thenon-contact IC card 146 is carried out by performing ASK modulation ondata encoded using Manchester code, and this modulation (maximumamplitude of data signal/maximum amplitude of carrier wave) is taken tobe, for example, approximately 0.1. Further, as described above, datatransfer from the non-contact IC card 146 to the IC card reader/writeris carried out by converting data outputted using a load switchingmethod to a transmission signal (causing the load of the antenna 170 tofluctuate by putting a switching element on and off in according tooutput data).

In the above, the non-contact IC card 146 is built-into the mobiletelephone 1 but may also, for example, be installed into the mobiletelephone 11 incorporated into the memory stick 121 so as to becontrolled by the memory stick controller 143.

FIG. 7 is a block view showing an example configuration of the inside ofthe point-of-purchase server 21 of FIG. 1.

In FIG. 7, a CPU 201 executes various processes such as the execution ofcharge processing at a charge processing unit 204 in accordance with aprogram stored in a ROM 202 and a program loaded into RAM 203 from astorage unit 223. Data etc. required for the CPU 201 to execute variousprocesses is also appropriately stored in RAM 203.

The CPU 201, ROM 202, RAM 203 and charge processing unit 204 areconnected together via a bus 210. An input/output interface 220 is alsoconnected to this bus 210.

An input unit 221 comprised of a keyboard and mouse, etc., an outputunit 222 comprised of a display consisting of a CRT (Cathode Ray Tube)and LCD (Liquid Crystal Display) etc. and speaker etc., a storage unit223 comprised of a hard disc etc., and a communication unit 224comprised of a modem and terminal adapter etc. are connected to theinput/output interface 220.

As described in the following, purchase information constituted byinformation relating to commercial transactions and key informationrequired to update information is stored in the storage unit 223.

The communication unit 224 carries out communication processing via thenetwork 10 shown in FIG. 10. Further, the communication unit 224distributes purchase information and key information etc. stored in thestorage unit 223 via the Internet constituting the network 10 using, forexample, a TCP/IP (Transmission Control Protocol/Internet Protocol)protocol.

A drive 230 is connected to the input/output interface 220 as necessary,and a magnetic disc 231, optical disc 232, magneto-optical disc 233, orsemiconductor memory 234 etc. are installed as appropriate. Computerprograms read from these media are then installed in the storage unit223 as necessary.

FIG. 8 is a block view showing an example configuration of the inside ofthe point-of-receipt server 31 of FIG. 1.

The CPU 251 executes various processing in accordance with programsstored in the ROM 252 or the storage unit 273. Programs and dataexecuted by the CPU 251 are appropriately stored in the RAM 253. The CPU251, ROM 252, and RAM 253 are connected together via a bus 260.

An input/output interface 270 is connected at the bus 260, and an inputunit 271 comprised of a keyboard and mouse etc., an output unit 272comprised of a display consisting of a CRT or LCD etc. and a speakeretc., a storage unit 273 comprised of a hard disc etc., a communicationunit 274 comprised of a modem or terminal adapter etc., and an IC cardreader/writer 275 for carrying out wireless communication with anon-contact IC card in the vicinity are connected to the input/outputinterface 270.

A drive 280 is connected to the input/output interface 270 as necessary,and a magnetic disc 281, optical disc 282, magneto-optical disc 283, orsemiconductor memory 284 etc. are installed as appropriate. Computerprograms read from these media are then installed in the storage unit273 as necessary.

FIG. 9 is a block view showing a detailed example of a configuration forthe IC card reader/writer 275 of FIG. 8.

IC 291 is comprised of a CPU 301, ROM 302, RAM 303, SCC (SerialCommunication Controller) 304, SPU (Signal Processing Unit) 306, and bus305 mutually connecting the CPU 301 through to the SPU 306 together.

The CPU 301 opens a control program stored in the ROM 302 up into theRAM 303, so as to execute various processing based on, for example,response data transmitted from the non-contact IC card 146 and controlsignals provided from the CPU 251 of FIG. 8. For example, the CPU 301generates a command transmitted to the non-contact IC card 146 so thatthis is outputted to the SPU 306 via the bus 305, or so thatauthentication processing etc. is carried out for data sent from thenon-contact IC card 146.

The SCC 304 supplies data supplied from the CPU 1251 of FIG. 8 to theCPU 301 via the bus 305, and outputs data supplied by the CPU 301 viathe bus 305 to the CPU 251.

When response data from the non-contact IC card 146 is supplied from thedemodulation unit 294, the SPU 306 subjects this data to, for example,BPSK demodulation (decoding of Manchester code) etc., and provides theacquired data to the CPU 301. Further, when a command sent to thenon-contact IC card 146 is provided via the bus 305, the SPU 306subjects this command to BPSK modulation (encoding to Manchester code),and the acquired data is outputted to the modulator 292.

The modulator 292 ASK modulates a carrier wave of a prescribed frequency(for example, 13.56 MHz) supplied by an oscillating circuit (OSC) 293based on data supplied by the SPU 306, and outputs the generatedmodulated wave from an antenna 295 as electromagnetic radiation. On theother hand, the demodulator 294 demodulates a modulated wave (ASKmodulated wave) acquired via the antenna 295 and outputs the demodulateddata to the SPU 296.

The antenna 295 radiates prescribed electromagnetic radiation, anddetects whether or not the non-contact IC card 146 is nearby based onchanges in load with respect to this. Then, for example, when thenon-contact IC card 146 is in the vicinity, the antenna 295 transmitsand receives various data to and from the non-contact IC card 146.

FIG. 10 is a block view showing an example configuration of the insideof the authentication server 41 of FIG. 1.

In FIG. 10, the CPU 311 executes various processing in accordance withprograms stored in the ROM 312 and programs loaded into the RAM 313 fromthe storage unit 323. Data etc. required for the CPU 311 to executevarious processes is also appropriately stored in RAM 313.

The CPU 311, ROM 312, and RAM 313 are connected together via a bus 314.An input/output interface 320 is also connected to this bus 314.

An input unit 321 comprised of a keyboard and mouse etc., a displaycomprised of a CRT or LCD etc., an output unit 322 comprised of aspeaker etc., a storage unit 323 comprised of a hard disc etc., and acommunication unit 324 comprised of a modem or terminal adapter etc. areconnected to the input/output interface 320.

A drive 330 is connected to the input/output interface 320 as necessary,and a magnetic disc 331, optical disc 332, magneto-optical disc 333, orsemiconductor memory 334 etc. are installed as appropriate. Computerprograms read from these media are then installed in the storage unit323 as necessary.

Next, a description is given with reference to FIG. 11A to FIG. 11D ofdata held in the mobile telephone 11, point-of-purchase server 21,point-of-receipt server 31, and authentication server 41 respectively ina state before the user of the mobile telephone 11 of FIG. 1 purchasesmerchandise.

The mobile telephone 11 shown in FIG. 11A holds information for a cardidentification number 351 and user trustworthiness 352 in the built-innon-contact IC card 146.

The card identification number 351 is a number assigned in advance tothe non-contact IC card 146 and is a number for identifying thenon-contact IC card 146. This card identification number 351 is providedby the authentication service provider 40 when the user of the mobiletelephone 11 is registered as a purchaser of merchandise with thisservice. During this time, the card identification number 351 may beprovided via the network 10 by the authentication server 41 or may beprovided by the authentication service provider 40 using a separatemethod.

The user trustworthiness 352 is information relating to trustworthinessof the user of the mobile telephone 11 with regards to electroniccommercial transactions using this service and is referenced by thepoint-of-purchase 20 constituting the target of the commercialtransaction. As described in the following, the user trustworthiness 352is decided by the authentication server 41 based on past experience ofthe user of the mobile telephone 11.

The point-of-purchase server 21 shown in FIG. 11B stores purchasinginformation 353 constituting information relating to electronicpurchases employing this service and a purchasing information rewritingkey 361 constituting key information necessary in the making, editingand deleting of this purchasing information 353 in the storage unit 223.

As described in the following, the purchasing information 353 isinformation relating to purchasing of merchandise by the user of themobile telephone 11 etc., with the point-of-receipt server 31 carryingout authentication processing of the user of the mobile telephone 11based on this information.

Further, as described in the following, the purchasing information 353is supplied to the IC card 146 of the mobile telephone 11 and thepoint-of-receipt server 31 etc. Therefore, in order to prevent illegalduplication and falsification, it is not possible to make, edit ordelete the purchasing information 353 without using the purchasinginformation rewriting key 361.

The purchasing information rewriting key 361 is key information formaking, editing and deleting etc. the purchasing information 353. Thepurchasing information rewriting key 361 is a kind of one-time passwordand is supplied to the mobile telephone 11 etc. while thepoint-of-purchase server 21 and the point of receipt server 31generating the purchasing information rewriting key 361 update thepurchasing information 353. When the purchasing information 353 isupdated using the purchasing information rewriting key 361 provided, themobile telephone 11 deletes the purchasing information rewriting key 361used. The point-of-purchase server 21 and the point of receipt server 31generating the purchasing information rewriting key 361 can supplypurchasing information rewriting keys 361 to the mobile telephone 11 anynumber of times.

The point-of-receipt server 31 shown in FIG. 11C stores the purchasinginformation rewriting key 361 described above and a temporary commercialtransaction information rewriting key 362 constituting key informationrequired in making, editing and deleting of temporary commercialtransaction information described in the following in the storage unit273.

The temporary commercial transaction information rewriting keys 362 aredistributed in advance by the authentication service provider 40 and iskey information for making, editing and deleting etc. temporarycommercial transaction information described in the following.Therefore, in order to prevent illegal duplication and falsification, itis not possible to make, edit or delete the temporary commercialtransaction information without using the temporary commercialtransaction information rewriting key 362.

The temporary commercial transaction information rewriting key 362 iskey information for making, editing and deleting etc. temporarycommercial transaction information. The temporary commercial transactioninformation rewriting key 362 is a kind of one-time password and issupplied to the mobile telephone 11 etc. while the point-of-receiptserver 31 authentication server 41 generating the temporary commercialtransaction information rewriting key 362 update the temporarycommercial transaction information. When the temporary commercialtransaction information is updated using the temporary commercialtransaction information rewriting key 362 provided, the mobile telephone11 deletes the temporary commercial transaction information rewritingkey 362 used. The point of receipt server 31 and the authenticationserver 41 generating the temporary commercial transaction informationrewriting key 362 can supply temporary commercial transactioninformation rewriting keys 362 to the mobile telephone 11 any number oftimes.

The authentication server 41 shown in FIG. 11D stores the temporarycommercial transaction information rewriting key 362, a usertrustworthiness rewriting key 363 constituting key information requiredto update the user trustworthiness described above, and storetrustworthiness 354 constituting information relating to thetrustworthiness of the store 20 is stored in the storage unit 323.

The user trustworthiness rewriting key 363 is key information forupdating the user trustworthiness 352 stored in the non-contact IC card146 of the mobile telephone 11. Therefore, in order to prevent illegalduplication and falsification, it is not possible to make, edit ordelete the user trustworthiness 352 without using the usertrustworthiness rewriting key 363.

The user trustworthiness rewriting key 363 is key information formaking, editing and deleting etc. user trustworthiness. The usertrustworthiness rewriting key 363 is a kind of one-time password, and issupplied to the mobile telephone 11 etc. while the authentication server41 generating the user trustworthiness rewriting key 363 is instructingupdating of the user reliability. When user trustworthiness is updatedusing the user trustworthiness rewriting key 363 provided, the mobiletelephone 11 deletes the user trustworthiness rewriting key 363 used.The authentication server 41 generating the user trustworthinessrewriting key 363 can supply the user trustworthiness rewriting key 363to the mobile telephone 11 etc. any number of times.

The store trustworthiness 354 is information relating to trustworthinessof a store 20 with regards to electronic commercial transactions usingthis service and is referenced by the user of the mobile telephone 11constituting the target of the commercial transaction. This storetrustworthiness 354 is decided by the authentication server 41 based onpast experience of the store 20.

Next, a description is given of the flow of processing of the mobiletelephone 11, point-of-purchase server 21 and authentication server 41relating to the sale of merchandise in the electronic commercialtransaction system of FIG. 1, as shown in FIG. 12.

The user of the mobile telephone 11 then operates the mobile telephone11, acquires GUI information from the point-of-purchase server 21, anddisplays information relating to the merchandise. The user then decideswhether or not to purchase the merchandise by looking at the displayedmerchandise information. During this time, the user operates the mobiletelephone 11 so as to acquire information (store trustworthiness 354)relating to trustworthiness of the point-of-purchase 20 from theauthentication server 41 in order to confirm whether or not thepoint-of-purchase 20 where a commercial transaction is to be made istrustworthy (arrows 371 and 372).

When the store trustworthiness 354 is obtained and displayed using themobile telephone 11, the user decides whether or not to purchase themerchandise based on this information.

The mobile telephone 11 operated by the user that has decided topurchase the merchandise then makes a request to the point-of-purchaseserver 21 to purchase the merchandise (arrow 373).

With respect to this, the point-of-purchase server 21 makes a request tothe mobile telephone 11 for the user trustworthiness 352 in order toconfirm whether or not the user of the mobile telephone 11 istrustworthy as a person with which to make a commercial transaction(arrow 374), and the mobile telephone 11 then provides the usertrustworthiness 352 in response to this request (arrow 375).

The point-of-purchase server 21 that has acquired the usertrustworthiness 352 and confirmed that the user of the mobile telephone11 is trustworthy then makes a request to the mobile telephone 11 forthe card identification number 351 allotted to the non-contact IC card146 (arrow 376). The mobile telephone 11 then provides the cardidentification number 351 in response to this request.

The point-of-purchase server 21 that has acquired the cardidentification number 351 then carries out processing relating topurchasing and charging, and sells the merchandise. Thepoint-of-purchase server 21 then generates purchasing information 353constituting information relating to the current commercial transactionand provides this to the mobile telephone 11 together with thepurchasing information rewriting key 361 (arrow 378).

As shown in FIG. 12, the purchasing information 353 is comprised of apurchasing identifier for identifying the corresponding commercialtransaction, a payment identifier for identifying whether or not paymentfor the sale of the merchandise has been made, and a purchasing cardidentification number constituted by the card identification number 351allotted to the non-contact IC card 146 in the possession of the userpurchasing the merchandise.

The mobile telephone 11 provided with the purchasing information 353 andthe purchasing information rewriting key 361 then records the purchasinginformation 353 in the non-contact IC card 146 using the purchasinginformation rewriting key 361. When this writing is complete, the mobiletelephone 11 deletes the purchasing information rewriting key 361 andprovides notification of completion of writing to the point-of-purchaseserver 21 (arrow 379).

When notification of completion of writing is acquired, thepoint-of-purchase server 21 provides notification of completion ofprocessing to the mobile telephone 11 (arrow 380) and processingrelating to purchase of the merchandise is complete. When the providednotification of completion of processing is acquired, the mobiletelephone 11 ends processing relating to purchase of the merchandise.

The following is a description with reference to the flowcharts of FIG.13 and FIG. 14 of purchasing processing of the mobile telephone 11.

First, in step S1, the main control unit 131 of the mobile telephone 11carries out wireless communication with the nearest base station 12 viathe antenna 112, accesses the point-of-purchase server 21 via thenetwork 10, and requests purchasing information. The point-of-purchaseserver 21 that has acquired this request then provides the requestedpurchasing information to the mobile telephone 11 as described in thefollowing.

In step S2, the main control unit 131 determines whether or not therequested merchandise information has been acquired, and waits until itis determined that acquisition has taken place.

When it is determined that the merchandise information has beenacquired, the main control unit 131 advances the processing to step S3and controls the LCD control unit 136 so that a screen corresponding tothe acquired merchandise information is displayed at the liquid crystaldisplay 115. The user then decides whether or not to purchase themerchandise based on the displayed screen. Further, during this time,the user makes a request to the authentication server 41 for the storetrustworthiness 354 to use this to determine the trustworthiness of thepoint-of-purchase 20.

In step S4, the main control unit 131 controls the operation inputcontrol unit 132 so as to monitor for user operation inputs, anddetermines whether or not to request store trustworthiness informationbased on instructions inputted by the user.

When it is determined to request the store trustworthiness information,the main control unit 131 advances the processing to step S5, carriesout wireless communication with the closest base station 12 via theantenna 112, accesses the authentication server 41 via the network 10,and requests store trustworthiness information containing the storetrustworthiness 354. This processing corresponds to the processing ofarrow 371 of FIG. 12. As described in the following, the authenticationserver 41 generates trustworthiness information containing the storetrustworthiness 354 recorded in the storage unit 323 based on thisrequest, and provides this to the mobile telephone 11 via the network10.

In step S6, the main control unit 131 determines whether or not therequested store trustworthiness information has been acquired, and waitsuntil it is determined that acquisition has taken place.

When it is determined that the requested store trustworthinessinformation has been acquired, the main control unit 131 advances theprocessing to step S7, controls the LCD control unit 136, displays ascreen corresponding to the acquired store trustworthiness informationat the liquid crystal display 115, and advances the processing to stepS8. The user then decides upon the reliability of the point-of-purchase20 and upon whether or not to purchase the merchandise based on thedisplayed screen.

Further, when it is determined based on user instruction in step S4 thatstore trustworthiness information has not been requested, the maincontrol unit 131 omits the processing from step S5 to step S7 describedabove and advances the processing to step S8.

In step S8, the main control unit 131 determines whether or not topurchase merchandise based on user instruction. When it is determinedthat merchandise is to be purchased based on instructions inputted by auser as a result of operating the operation keys 116 or the jog dial119, the main control unit 131 advances the processing to step S9 andmakes a request to the point-of-purchase server 21 for purchasinginformation via the network 10. This processing corresponds to theprocessing of arrow 373 of FIG. 12.

The point-of-purchase server 21 that has acquired this merchandisepurchase request then requests the user trustworthiness 352 of themobile telephone 11 as described in the following. In step S10, the maincontrol unit 131 determines whether or not a request for usertrustworthiness information has been acquired, and waits until it isdetermined that acquisition has taken place.

When it is determined the user trustworthiness information has beenacquired, the main control unit 131 advances processing to step S11, anda determination is made as to whether or not a password is set.

The user trustworthiness 352 is personal information for the user of themobile telephone 11, and there are therefore cases where this recallsuncertainty in the user in providing this to the store for the usertrustworthiness 352. In this case, the mobile telephone 11 can be set upin such a manner that input of a password is required when reading thisuser trustworthiness 352.

When it is determined in step S11 that a password is set up, then inputof the password is necessary to read the user trustworthiness 352. Themain control unit 131 therefore advances the processing to step S21 ofFIG. 14, controls the operation input control unit 132, determineswhether or not the password has been inputted, and waits until input isdetermined.

When input of the password is determined, the main control unit 131advances processing to step S22, the inputted password is set inadvance, and is confirmed through comparison with a password stored inRAM etc. built-into the main control unit 131.

Then, in step S23, the main control unit 131 determines whether or notthe inputted password has been authenticated based on the processingresults of step S22. When it is determined that the password has beenauthenticated, the main control unit 131 advances the processing to stepS24.

Further, when it is determined in step S11 of FIG. 13 that a password isnot set, the main control unit 131 advances processing to step S24 ofFIG. 14.

In step S24, the main control unit 131 acquires the user trustworthiness352 stored in the non-contact IC card 146, and provides usertrustworthiness information containing this user trustworthiness 352 tothe point-of-purchase server 21 via the network 10. This processingcorresponds to the processing of arrow 375 of FIG. 12.

The point-of-purchase server 21 that has acquired the usertrustworthiness information then determines whether or not the user ofthe mobile telephone 11 is trustworthy. When the user is determined tobe trustworthy, a request is made to the mobile telephone 11 for cardidentification number information containing the card identificationnumber 351 allotted to the non-contact IC card 146.

In step S25, the main control unit 131 determines whether or not arequest for this card identification number information has beenacquired, and waits until it is determined that acquisition has takenplace. When it is determined that a card identification numberinformation request has been acquired, the main control unit 131advances processing to step S26, the card identification number 351 isacquired from the non-contact IC card 146, and card identificationnumber information containing this card identification number 351 isprovided to the point-of-purchase server 21 via the network 10. Thisprocessing corresponds to the processing of arrow 377 of FIG. 12.

After carrying out processing relating to sale of and charging for themerchandise, the point-of-purchase server 21 that has acquired the cardidentification number information generates the purchasing information353 described above and provides this to the mobile telephone 11.

In step S27, the main control unit 131 determines whether or not thepurchasing information 353 has been acquired, and waits until it isdetermined that acquisition has taken place. When it is determined thatthe purchasing information 353 has been acquired, the processingadvances to step S28, and the acquired purchasing information 353 isrecorded in the non-contact IC card 146.

When recording of the purchasing information 353 is complete, the maincontrol unit 131 advances the processing to step S29, and notificationof completion of writing is provided to the point-of-purchase server 21via the network 10. This processing corresponds to the processing ofarrow 379 of FIG. 12.

The point-of-purchase server 21 that has acquired the notification ofcompletion of writing then provides notification of completion ofprocessing to the mobile telephone 11.

In step S30, the main control unit 131 determines whether or notnotification of completion of processing has been acquired, and waitsuntil it is determined that acquisition has taken place. When it isdetermined that notification of completion of processing has beenacquired, in step S31, the main control unit 131 controls the LCDcontrol unit 136 so as to display a screen corresponding to the acquirednotification of completion of processing at the liquid crystal display115. The user then confirms the processing is complete by looking at thescreen corresponding to this notification of completion of processing.

The main control unit 131 displaying the screen corresponding to thenotification of completion of processing then ends the purchasingprocessing.

In step S8 of FIG. 13, when it is determined that the merchandise is notto be purchased, the main control unit 131 ends purchasing processing.Further, in step S23, when the inputted password is not authenticated(when passwords inputted by the user a plurality of times are all notauthenticated), the main control unit 131 ends purchasing processing.

Next, store trustworthiness information providing processing by theauthentication server 41 executed so as to correspond to the processingof step S4 to step S7 of the purchasing processing of the mobiletelephone 11 described above is now described with reference to theflowchart of FIG. 15.

First, in step S41, the CPU 311 of the authentication server 41determines whether or not a request for store trustworthinessinformation provided by the mobile telephone 11 has been acquired in theprocessing of step S5 of FIG. 13.

When it is determined that a request for store trustworthinessinformation has been acquired, the CPU 311 advances processing to stepS42, store trustworthiness 354 of the point-of-purchase 20 stored in thestorage unit 323 is acquired, store trustworthiness informationcontaining the store trustworthiness 354 is generated, and the generatedstore trustworthiness information is provided to the mobile telephone 11via the network 10 by controlling the communication unit 324. Thisprocessing corresponds to the arrow 372 of FIG. 12.

The CPU 311 providing the store trustworthiness information thenadvances the processing to step S43.

In step S41, when it is determined that a request for storetrustworthiness information has not been acquired, the CPU 311 omits theprocessing of step S42, and processing advances to step S43.

In step S43, the CPU 311 determines whether or not store trustworthinessinformation providing processing is finished. When it is determined thatthe processing is not finished, the CPU 311 returns to step S41 andprocessing from there onwards is repeated. Further, when it isdetermined that the sales processing has finished, the storetrustworthiness information providing processing ends.

Next, processing by the point-of-purchase server 21 executedcorresponding to purchasing processing by the mobile telephone 11 asdescribed above is described with reference to the flowcharts of FIG. 16and FIG. 17.

First, in step S61, the CPU 201 of the point-of-purchase server 21controls the communication unit 224 and determines whether or not arequest for merchandise information has been acquired. When it isdetermined that a request for merchandise information has been acquired(when merchandise information is requested by the mobile telephone 11),the CPU 201 advances processing to step S62, the requested merchandiseinformation stored in the storage unit 223 is acquired, and is providedto the mobile telephone 11 via the network 10 by controlling thecommunication unit 224.

The CPU 201 provided with the merchandise information then advances theprocessing to step S63. Further, in step S61, when it is determined thata request for merchandise information has not been acquired, the CPU 201omits the processing of step S62, and processing advances to step S63.

In step S63, the CPU 201 controls the communication unit 224 anddetermines whether or not a request for purchasing information providedby the processing of step S9 of FIG. 13 has been acquired.

The CPU 201 determining that a request for merchandise information hasbeen acquired then controls the communication unit 224 in step S64 andmakes a request to the mobile telephone 11 for user trustworthinessinformation. This processing corresponds to the processing of arrow 374of FIG. 12.

To conform with this request, in step S24 of FIG. 14, the mobiletelephone 11 supplies user trustworthiness information containing theuser trustworthiness 352 to the point-of-purchase server 21.

In step S65, the CPU 201 controls the communication unit 224 so as todetermine whether or not requested user trustworthiness information 352has been acquired, and waits until it is determined that acquisition hastaken place.

When it is determined that user trustworthiness information has beenacquired, the CPU 201 advances the processing to step S66, extracts usertrustworthiness 352 from the acquired user trustworthiness information,and determines trustworthiness of the user of the mobile telephone 11.

In step S67, a determination is made as to whether or not to make a saleof the merchandise to the user of the mobile telephone 11, and when itis determined to make a sale, processing advances to step S71 of FIG.17.

In step S71 of FIG. 17, the CPU 201 controls the communication unit 224so as to make a request for card identification number information ofthe non-contact IC card 146 built-into the mobile telephone 11. Thisprocessing corresponds to the processing of arrow 376 of FIG. 12.

To conform with this request, in step S26 of FIG. 14, the main controlunit 131 of the mobile telephone 11 supplies card identification numberinformation to the point-of-purchase server 21.

In step S72, the CPU 201 controls the communication unit 224 so as todetermine whether or not card identification number information providedby the mobile telephone 11 has been acquired, and waits until it isdetermined that acquisition has taken place.

When it is determined that the card identification number informationhas been acquired, the CPU 201 advances processing to step S73, andexecutes purchasing/charging processing constituting processing relatingto the sale of merchandise.

When purchasing/charging processing is complete, in step S74, the CPU201 generates purchasing information relating to sale of merchandise onthis occasion, and controls the communication unit 224 so that thisgenerated purchasing information is provided to the mobile telephone 11via the network 10 so as to be stored in the non-contact IC card 146.This processing corresponds to the processing of arrow 378 of FIG. 12.

In step S75, the CPU 201 provided with the purchasing informationcontrols the communication unit 224 so as to determine whether or notnotification of completion of writing of the purchasing informationprovided to the mobile telephone 11 has been acquired, and waits untilit is determined that acquisition has taken place.

When it is determined that notification of completion of writing hasbeen acquired, in step S76, the CPU 201 generates notification ofcompletion of processing, and controls the communication unit 224 so asto provide this notification of completion of processing to the mobiletelephone 11 via the network 10. This processing corresponds to theprocessing of arrow 380 of FIG. 12.

The CPU 201 to which the notification of completion of processing issupplied then advances to step S77.

In the processing, of step S67 of FIG. 16, when it is determined thatmerchandise is not to be sold, after carrying out error processing instep S68 of FIG. 16, the CPU 201 advances the processing to step S77 ofFIG. 17.

In step S77, the CPU 201 determines whether or not sales processing isfinished. When it is determined that the processing is not finished, theprocessing of step S61 of FIG. 16 is returned to and processing fromthere onwards is repeated.

Further, when it is determined that the sales processing has finished,the CPU 201 ends the sales processing.

In the above manner, the user of the mobile telephone 11 purchases theintended merchandise from the point-of-purchase 20.

Next, a description is given with reference to FIG. 18 of the flow ofprocessing of the mobile telephone 11, point-of-purchase server 21 andpoint-of-receipt server 31 while a user of the mobile telephone 11purchasing merchandise is receiving the purchased merchandise.

In order to receive the purchased merchandise, the user of the mobiletelephone 11 that has purchased the merchandise as described above goesto either the nearest point of receipt 30 or to a point of receipt 30designated in advance by the point-of-purchase 20. The user thenpositions the mobile telephone 11 in the vicinity of the IC cardreader/writer 275 of the point-of-receipt server 31 installed at thepoint of receipt 30, and positions the non-contact IC card 146built-into the mobile telephone 11 in the vicinity of the IC cardreader/writer 275.

When the non-contact IC card 146 is positioned within communicationrange, the point-of-receipt server 31 acquires purchasing information353 and card identification number information (card identificationnumber 351) stored in the non-contact IC card 146 of the mobiletelephone 11 via the IC reader/writer 275 (arrow 401 and arrow 402).

The point-of-receipt server 31 that has acquired the purchasinginformation 353 and the card identification number information (cardidentification number 351) acquires purchasing information 353 (i.e.purchasing information for which the contained purchasing identifier isthe same) corresponding to the acquired purchasing information 353 fromthe point-of-purchase server 21 (arrow 403 and arrow 404).

The point-of-receipt server 31 then compares the purchasing information353 and the card identification number 351 acquired from the mobiletelephone 11 and the purchasing information 353 acquired from thepoint-of-purchase server 21, and authenticates the user of the mobiletelephone 11.

When the user is determined to be the purchaser of the merchandise, thepoint-of-receipt server 31 notifies the point-of-purchase server 21 thatconfirmation processing is complete (arrow 405).

The point-of-receipt server 31 then provides the purchasing informationrewriting key 361 to the mobile telephone 11 (arrow 406), and purchasinginformation 353 stored in the non-contact IC card 146 is deleted at themobile telephone 11.

The mobile telephone 11 then deletes the purchasing information 353using the acquired purchasing information rewriting key 361 and whenthis deletion is complete, the purchasing information rewriting key 361is deleted, and notification of completion of deletion is provided tothe point-of-receipt server 31 (arrow 407).

The point-of-receipt server 31 that has acquired the deletion completionnotification then generates temporary commercial transaction information391 constituting information for trustworthiness of thepoint-of-purchase 20 and provides this to the mobile telephone 11together with the temporary commercial transaction information rewritingkey 362 (arrow 408).

The temporary commercial transaction information 391 is comprised of astore identifier for identifying the point-of-purchase 20 constitutingthe store where the user of the mobile telephone 11 purchased themerchandise and a trustworthiness counter constituting a fluctuationportion fluctuating with the commercial transaction for this time forthe reliability of the point-of-purchase 20.

The mobile telephone 11 then records the provided temporary commercialtransaction information 391 in the non-contact IC card 146 using theacquired temporary commercial transaction information rewriting key 362.When recording is complete, the mobile telephone 11 deletes thetemporary commercial transaction information rewriting key 362, andprovides the notification of completion of writing to thepoint-of-receipt server 31 (arrow 409) so as to complete processingrelating to handing over of the merchandise.

The point-of-receipt server 31 that has acquired the notification ofcompletion of writing then ends processing relating to handing over ofthe merchandise.

When processing related to handing over of the merchandise is complete,the user of the mobile telephone 11 receives the purchased merchandisefrom the store of the point of receipt 30.

The following is a description with reference to the flowchart of FIG.19 of merchandise receipt processing of the mobile telephone 11.

First, in step S91, the main control unit 131 of the mobile telephone 11makes a determination as to whether or not a request for the purchasinginformation 353 and the card identification number information has beenacquired via the non-contact IC card 146 in the vicinity of the IC cardreader/writer 275, and waits until it is determined that acquisition hastaken place.

When it is determined that a request for the purchasing information 353and the card identification number information has been acquired, themain control unit 131 advances processing to step S92, controls the CPU161 of the non-contact IC card 146, and provides card identificationnumber information containing the requested purchasing information 353,and card identification number 351 to the point-of-receipt server 31.This processing corresponds to the processing of arrow 402 of FIG. 18.

The point-of-receipt server 31 that has acquired the purchasinginformation 353 and the card identification number information thecarries out authentication processing on the user of the mobiletelephone 11. When authentication is complete, instruction is given todelete the purchasing information from the mobile telephone 11.

In step S93, the main control unit 131 controls the CPU 161 of thenon-contact IC card 146 so as to determine whether or not an instructionto delete the purchasing information rewriting key 361 from thepoint-of-receipt server 31 and the purchasing information has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that an instruction to delete the purchasinginformation has been acquired from short range wireless communicationvia the antenna 170, the main control unit 131 advances processing tostep S94, controls the CPU 161 of the non-contact IC card 146, anddeletes purchasing information 353 using the purchasing informationrewriting key 361 acquired at the same time.

When deletion is complete, the main control unit 131 controls the CPU161 of the non-contact IC card 146, erases the purchasing informationrewriting key 361 used in the deletion, and provides deletion completionnotification to the point-of-receipt server 31 via the antenna 170. Thisprocessing corresponds to the processing of arrow 407 of FIG. 18.

The point-of-receipt server 31 that has received the deletion completionnotification then generates the aforementioned temporary commercialtransaction information 391 and provides this to the mobile telephone 11together with the temporary commercial transaction information rewritingkey 362.

In step S96, the main control unit 131 controls the CPU 161 of thenon-contact IC card 146 so as to determine whether or not the temporarycommercial transaction information 391 and the temporary commercialtransaction information rewriting key 362 have been acquired via theantenna 170, and waits until it is determined that acquisition has takenplace.

When it is determined that the temporary commercial transactioninformation 391 and the temporary commercial transaction informationrewriting key 362 have been acquired, the main control unit 131 advancesprocessing to step S97, and controls the CPU 161 of the non-contact ICcard 146 so as to record the temporary commercial transactioninformation 391 using the acquired temporary commercial transactioninformation rewriting key 362.

When recording is complete, the main control unit 131 controls the CPU161 of the non-contact IC card 146, erases the temporary commercialtransaction information rewriting key 362, and provides writingcompletion notification to the point-of-receipt server 31 via theantenna 170. This processing corresponds to the processing of arrow 409of FIG. 18. The main control unit 131 provided with notification ofcompletion of writing then ends the merchandise receipt processing.

Next, a description is given of merchandise delivery processingperformed by the point-of-receipt server 31 with reference to theflowcharts of FIG. 20 and FIG. 21.

In step S111 of FIG. 20, the CPU 251 of the point-of-receipt server 31controls the CPU 301 of the IC card reader/writer 275, determineswhether or not the non-contact IC card 146 is present withincommunication range, and waits until this is determined to be the case.

When the non-contact IC card 146 is determined to be in communicationrange, the CPU 251 advances processing to step S112, controls the CPU301 of the IC card reader/writer 275, and makes a request to thenon-contact IC card 146 of the mobile telephone 11 in the vicinity forthe purchasing information 353 and the card identification numberinformation. This processing corresponds to the processing of arrow 401of FIG. 18.

In step S113, the CPU 251 then controls the CPU 301 of the IC cardreader/writer 275, makes a determination as to whether or not thepurchasing information 353 and card identification number informationprovided by the non-contact IC card 146 of the mobile telephone 11 inthe processing in step S92 of FIG. 19 has been acquired, and waits untilit is determined that acquisition has taken place.

When it is determined that the purchasing information 353 and the cardidentification number information have been acquired, the CPU 251advances processing to step S114, controls the communication unit 274,and makes a request to the point-of-purchase server 21 for purchasinginformation 353 (for which the purchasing identifier is the same)corresponding to the purchasing information 353 acquired from thenon-contact IC card 146. This processing corresponds to the processingof arrow 403 of FIG. 18.

When a request for the purchasing information 353 is acquired from thepoint-of-receipt server 31, the point-of-purchase server 21 searches forthe requested purchasing information 353 and provides this informationto the point-of-receipt server 31.

In step S115, the CPU 251 controls the communication unit 274,determines whether or not purchasing information 353 has been acquiredfrom the point-of-purchase server 21 in response to the request, andwaits until it is determined that acquisition has taken place.

When it is determined that the purchasing information 353 has beenacquired, the CPU 251 advances processing to step S116, and carries outauthentication processing for the purchasing information 353 acquiredfrom the non-contact IC card 146 and the card identification number 351contained in the card identification number information using thepurchasing information 353 acquired from the point of purchase server31.

In step S117 the CPU 251 then determines whether or not the purchasinginformation 353 and the card identification number 351 acquired from thenon-contact IC card 146 are authentic based on the results of thisprocessing.

When it is determined that the purchasing information 353 and the cardidentification number 351 acquired from the non-contact IC card 146 havebeen authenticated, the CPU 251 advances the processing to step S118,controls the communication unit 274, and provides notification ofcompletion of processing to the point-of-purchase server 21. Thisprocessing corresponds to the processing of arrow 405 of FIG. 18.

In step S119, the CPU 251 controls the IC card reader/writer 275,provides the purchasing information rewriting key 361 to the mobiletelephone 11, and instructs the deletion of the purchasing information353 stored in the non-contact IC card 146. This processing correspondsto the processing of arrow 406 of FIG. 18.

In step S131 of FIG. 21, the CPU 251 controls the IC card reader/writer275, determines whether or not deletion completion notification has beenacquired from the non-contact IC card 146 of the mobile telephone 11 forwhich the purchasing information has been deleted, and waits until it isdetermined that acquisition has taken place.

When it is determined that deletion completion notification has beenacquired, the CPU 251 advances processing to step S132, generatestemporary commercial transaction information 391 corresponding to thecommercial transaction for this time using the temporary commercialtransaction information rewriting key 362, controls the IC cardreader/writer 275, and provides the temporary commercial transactioninformation 391 to the non-contact IC card 146 of the mobile telephone11. This processing corresponds to the processing of arrow 408 of FIG.18.

In step S133, the CPU 251 controls the IC card reader/writer 275,determines whether or not notification of completion of writing has beenacquired, and waits until it is determined that acquisition has takenplace.

When notification of completion of writing is outputted from thenon-contact IC card 146 of the mobile telephone 11 and it is determinedthat this notification of completion of writing has been acquired, theCPU 251 advances processing to step S134.

However, when it is determined in the processing of step S117 of FIG. 20that the purchasing information or card identification number providedby the non-contact IC card 146 of the mobile telephone 11 does notcorrespond with the purchasing information provided by thepoint-of-purchase 20 so that the authentication processing fails, theCPU 251 advances processing to step S120, executes error processing, andthen advances to the processing of step S134 of FIG. 21.

In step S134, the CPU 251 determines whether or not the merchandisedelivery processing is complete. When it is determined that commercialtransaction processing is not complete, the CPU 251 returns to theprocessing of step S111 of FIG. 20, and processing from there onwards isrepeated.

Further, when completion is determined in step S134, the CPU 251 endsmerchandise delivery processing.

Next, purchasing information providing processing performed by thepoint-of-purchase server 21 and executed in a manner corresponding withthe merchandise delivery processing described above is described withreference to the flowchart of FIG. 22.

In step S151, the CPU 201 of the point-of-purchase server 21 controlsthe communication unit 224 so as to determine whether or not a requestfor the purchasing information 353 provided in step S114 of FIG. 20 hasbeen acquired, and waits until it is determined that acquisition hastaken place.

When it is determined that a request for purchasing information has beenacquired, the CPU 201 advances processing to step S152, the requestedpurchasing information 353 is read from the storage unit 223, thecommunication unit 224 is controlled, and this purchasing information353 is supplied to the point-of-receipt server 31. This processingcorresponds to the processing of arrow 404 of FIG. 18.

In step S153, the CPU 201 provided with the purchasing information 353controls the communication unit 224 so as to determine whether or notnotification of completion of processing provided in step S118 of FIG.20 has been acquired, and waits until it is determined that acquisitionhas taken place.

When it is determined that notification of completion of processing hasbeen acquired, the CPU 201 advances processing to step S154, and adetermination is made as to whether or not purchasing informationproviding processing is complete.

When it is determined that purchasing information providing processingis not complete, the CPU 201 returns the processing to step S151, andthe processing from there onwards is repeated.

Further, when it is determined in step S154 that purchasing divisionproviding processing is complete, the CPU 201 ends purchasinginformation providing processing.

In the above, the user of the mobile telephone 11 authenticates thatthey are the purchaser of the merchandise at the point of receipt 30 atthe point-of-receipt server 31, and then receives the purchasedmerchandise.

Therefore, in the electronic commercial transaction system describedabove, illegal duplication is prevented by the purchasing informationrewriting key 361. However, even in cases where the purchasinginformation rewriting key 361 is illegally obtained etc. by some methodso that the purchasing information 353 of the mobile telephone 11 isillegally duplicated, the point-of-receipt server 31 is capable ofconfirming whether or not the user coming to pick-up the merchandise isthe rightful purchaser of the merchandise.

For example, as shown in FIG. 23, when a user of a mobile telephone 11-1purchases merchandise from the point-of-purchase 20, thepoint-of-purchase server 21 generates purchasing information 353 (arrow421) using a card identification number 351-1 allotted to thenon-contact IC card 146-1 of the mobile telephone 11-1 and provides thisto the non-contact IC card 146 (arrow 422).

Even if a mobile telephone 11 with purchasing information 353 of thenon-contact IC card 146-1 that has been illegally duplicated (arrow 423)is used when receiving the merchandise, the point-of-receipt server 31acquires the purchasing information 353 from the point-of-purchaseserver 21 and confirms a card identification number 351-2 allotted tothe non-contact IC card 146-2 of the mobile telephone 11-2 and anidentification number (i.e. the card identification number 351-1allotted to the non-contact IC card 146-1) of the purchasing cardcontained in the purchasing information 353 using the identificationnumber (i.e. the card identification number 351-1 allotted to thenon-contact IC card 146-1) of the purchasing card contained in thispurchasing information 353 (arrow 425 and arrow 426) It can therefore beknown that the purchasing information 353 of the mobile telephone 11-2has been illegally duplicated.

The point-of-receipt server 31 described above is capable of identifyingthe rightful purchaser of merchandise in a more accurate manner.

Next, a description is given with reference to FIG. 24 of the flow ofprocessing at the mobile telephone 11 and authentication server 41 whilereflecting the results of commercial transactions carried out in theabove manner in the user trustworthiness stored in the non-contact ICcard 146 of the mobile telephone 11 and the store trustworthinessmanaged by the authentication server 41.

First, the user operates the mobile telephone 11 so as to access theserver 41 (arrow 431). The authentication server 41 that has accessedthe mobile telephone 11 then makes a request to the mobile telephone 11for the temporary commercial transaction information 391 (arrow 432).The mobile telephone 11 then provides temporary commercial transactioninformation 391 to the authentication server 41 based on this request(arrow 433).

The authentication server 41 then updates store trustworthiness based onthe acquired temporary commercial transaction information 391. Next, theauthentication server 41 makes a request to the mobile telephone 11 forthe user trustworthiness 352, and acquires the user trustworthiness 352(arrow 434 and arrow 435). After the acquired user trustworthiness 352is updated, this updated user trustworthiness 352 is provided to themobile telephone 11 together with the user trustworthiness rewriting key363, and the user trustworthiness 352 held in the mobile telephone 11 isupdated (arrow 436).

The mobile telephone 11 then updates the stored user information 352using the acquired user information rewriting key 363. When updating iscomplete, the mobile telephone 11 erases the user information rewritingkey 363 and gives notification of completion of rewriting to theauthentication server 41 (arrow 437).

The authentication server 41 that has been notified of completion of therewriting then provides the temporary commercial transaction informationrewriting key 362 to the mobile telephone 11, and the temporarycommercial transaction information 391 for which processing is completeis deleted (arrow 438).

The mobile telephone 11 then deletes the temporary commercialtransaction information 391 using the acquired temporary commercialtransaction information rewriting key 362 and notifies theauthentication server 41 when this is complete (arrow 439). Theauthentication server 41 notified of deletion of the temporarycommercial transaction information 391 then provides notification ofprocessing completion to the mobile telephone 11 (arrow 440) and endsprocessing relating to updating of the trustworthiness information.

Further, when notification of completion of processing is acquired, themobile telephone 11 ends processing relating to updating oftrustworthiness information.

The following is a description with reference to the flowcharts of FIG.25 and FIG. 26 of trustworthiness operation processing of the mobiletelephone 11.

First, in step S171 of FIG. 25, the main control unit 131 of the mobiletelephone 11 is operated by the user so as to access the authenticationserver 41. This processing corresponds to the processing of arrow 431 ofFIG. 24.

The authentication server 41 that has accessed the mobile telephone 11then, as described in the following, requests temporary commercialtransaction information 391 stored in the non-contact IC card 146 of themobile telephone 11.

In step S172, the main control unit 131 determines whether or not arequest for temporary commercial transaction information made via theantenna 112 has been acquired, and waits until it is determined thatacquisition has taken place.

When it is determined that a request for temporary commercialtransaction information has been acquired, the main control unit 131advances to step S173, acquires temporary commercial transactioninformation 391 stored in the non-contact IC card 146, and provides thisto the authentication server 41 via the antenna 112. This processingcorresponds to the arrow 433 of FIG. 24.

As described in the following, after updating the store trustworthiness354, the authentication server 41 that has acquired the temporarycommercial transaction information 391 makes a request to the mobiletelephone 11 for the user trustworthiness 352.

In step S174, the main control unit 131 determines whether or not arequest for user trustworthiness information has been acquired via theantenna 112, and waits until it is determined that acquisition has takenplace.

When it is determined that a request for user trustworthinessinformation has been acquired, the main control unit 131 advances tostep S175, acquires user trustworthiness 352 stored in the non-contactIC card 146, and provides user trustworthiness information containingthis user trustworthiness 352 to the authentication server 41 via theantenna 112. This processing corresponds to the arrow 435 of FIG. 24.

As described in the following, the authentication server 41 that hasacquired the user trustworthiness information updates the usertrustworthiness 352 and provides user trustworthiness informationcontaining the updated user trustworthiness 352 and user trustworthinessrewriting key 363 to the mobile telephone 11.

In step S176, the main control unit 131 determines whether or not arequest for user trustworthiness information containing the updated usertrustworthiness 352 and the user trustworthiness rewriting key 363 hasbeen acquired via the antenna 112, and waits until it is determined thatacquisition has taken place.

When it is determined that the user trustworthiness information has beenacquired, the main control unit 131 advances the processing to stepS177, and the user trustworthiness 352 stored in the non-contact IC card146 is overwritten with the updated user trustworthiness 352 using theuser trustworthiness rewriting key 363 contained in the acquiredinformation.

The main control unit 131 updated with user trustworthiness 352 storedin the non-contact IC card 146 then advances processing to step S181 ofFIG. 26, deletes the user trustworthiness rewriting key 363, andprovides notification of completion of writing to the authenticationserver 41. This processing corresponds to the arrow 437 of FIG. 24.

As described in the following, the authentication server 41 that hasacquired the notification of completion of writing provides a temporarycommercial transaction information rewriting key 362 to the mobiletelephone 11, and instructs the deletion of the temporary commercialtransaction information 391 stored in the non-contact IC card 146.

In step S182, the main control unit 131 determines whether or not aninstruction to delete the temporary commercial transaction informationhas been acquired via the antenna 112, and waits until it is determinedthat acquisition has taken place.

When it is determined that a temporary commercial transactioninformation deletion instruction has been acquired (the temporarycommercial transaction information rewriting key 362 has been acquired),the main control unit 131 advances the processing to step S183, and thetemporary commercial transaction information 391 stored in thenon-contact IC card 146 is deleted using the acquired temporarycommercial transaction information rewriting key 362.

The main control unit 131 that has deleted the temporary commercialtransaction information 391 stored in the non-contact IC card 146 thenadvances processing to step S184, deletes the temporary commercialtransaction information rewriting key 362, and provides deletioncompletion notification to the authentication server 41. This processingcorresponds to the arrow 439 of FIG. 24.

As described in the following, the authentication server 41 that hasacquired the deletion completion notification then provides notificationof completion of processing to the mobile telephone 11.

In step S185, the main control unit 131 determines whether or notnotification of completion of processing has been acquired via theantenna 112, and waits until it is determined that acquisition has takenplace.

When it is determined that notification of completion of processing hasbeen acquired, the main control unit 131 completes the trustworthinessoperation processing.

Next, a description is given with reference to flowcharts of FIG. 27 andFIG. 28 of trustworthiness operation processing of the authenticationserver 41 carried out in such a manner as to correspond withtrustworthiness operation processing of the mobile telephone 11described above.

First, in step S201 of FIG. 27, the CPU 311 of the authentication server41 controls the communication unit 324, it is determined whether or notthere has been an access by the mobile telephone 11 using the processingof step S171 of FIG. 25, and determination that an access has been madeis awaited.

When it is determined that there has been an access by the mobiletelephone 11, the CPU 311 advances the processing to step S202, and arequest is made to the mobile telephone 11 for the temporary commercialtransaction information 391 stored in the non-contact IC card 146. Thisprocessing corresponds to the processing of arrow 432 of FIG. 24.

The main control unit 131 of the mobile telephone 11 that requested thetemporary commercial transaction information 391 then provides therequested temporary commercial transaction information 391 to theauthentication server 41 using the processing of step S173 of FIG. 25.

In step S203 the CPU 311 controls the communication unit 324, determineswhether or not temporary commercial transaction information 391 has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that the temporary commercial transactioninformation 391 has been acquired, the CPU 311 advances processing tostep S204, calculates store trustworthiness 354 using a prescribedmethod based on the acquired temporary commercial transactioninformation 391, and updates the store trustworthiness 354 stored in thestorage unit 323.

The CPU 311 with the updated store trustworthiness 354 then controls thecommunication unit 324 in step S205 and makes a request to the mobiletelephone 11 for user trustworthiness information. This processingcorresponds to the processing of arrow 434 of FIG. 24.

The main control unit 131 of the mobile telephone 11 that has acquiredthe user trustworthiness information request then provides usertrustworthiness information corresponding to the request using theprocessing of step S175 in FIG. 25.

In step S206, the CPU 311 controls the communication unit 324 so as todetermine whether or not user trustworthiness information has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that user trustworthiness information has beenacquired, the CPU 311 advances the processing to step S207, andcalculates and updates the user trustworthiness 352 using a prescribedmethod based on the acquired user trustworthiness information.

The CPU 311 that has updated the user trustworthiness 352 then advancesprocessing to step S210 of FIG. 28, controls the communication unit 324,and provides user trustworthiness information containing the updateduser trustworthiness 352 and the user trustworthiness rewriting key 363to the mobile telephone 11. This processing corresponds to theprocessing of arrow 436 of FIG. 24.

The main control unit 131 of the mobile telephone 11 that has acquiredthe user trustworthiness information then updates the usertrustworthiness 352 stored in the non-contact IC card 146 and providesthis to the authentication server 41 using the processing of step S181of FIG. 26.

In step S211, the CPU 311 controls the communication unit 324 so as todetermine whether or not notification of completion of writing has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that notification of completion of writing hasbeen acquired, the CPU 311 advances processing to step S212, controlsthe communication unit 324, provides the temporary commercialtransaction information rewriting key 362 to the mobile telephone 11,and instructs the mobile telephone 11 to delete the temporary commercialtransaction information 391 stored in the non-contact IC card 146. Thisprocessing corresponds to the processing of arrow 438 of FIG. 24.

When the main control unit 131 of the mobile telephone 11 deletes thetemporary commercial transaction information 391 using the acquiredtemporary commercial transaction information rewriting key 362 based onthe instruction from the authentication server 41, the processingadvances to step S184 of FIG. 26, and deletion completion notificationis provided to the authentication server 41.

In step S213, the CPU 311 controls the communication unit 324 so as todetermine whether or not deletion completion notification has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that deletion completion notification has beenacquired, the CPU 311 advances processing to step S214, controls thecommunication unit 324, and provides notification of completion ofprocessing to the mobile telephone 11. This processing corresponds tothe processing of arrow 440 of FIG. 24.

When the CPU 311 provides notification of completion of processing, instep S215, a determination is made as to whether or not trustworthinessoperation processing is complete. When it is determined not to becomplete, the CPU 311 returns processing to step S201 of FIG. 27, andthe process from there onwards is repeated.

Further, when it is determined that the trustworthiness operationprocessing is complete, the CPU 311 ends the trustworthiness operationprocessing.

In the above, the mobile telephone 11 and the authentication server 41update the values of the user trustworthiness 352 and the storetrustworthiness 354 and reflect the results of the commercialtransaction on this occasion in each trustworthiness. The updated usertrustworthiness 352 and store trustworthiness 354 are then used duringthe next commercial transaction.

As in the above, it is possible to easily carry out safer electroniccommercial transaction by identifying purchasers of merchandise usingpurchasing information 353 that is information the point-of-receiptserver 31 of the point of receipt 30 where the merchandise is deliveredcannot update without using a specific key and the card identificationnumber 351 allotted to the non-contact IC card 146 storing thepurchasing information 353.

Further, it is possible to carry out safer electronic commercialtransaction by calculating trustworthiness of a user registered for aservice and a store.

Moreover, safer electronic commercial transactions can be carried out bysetting information such as user trustworthiness in such a manner thatthis information cannot be read out without using a password etc.

In the above, as shown in FIG. 23, a description is given where illegalduplication of the purchasing information 353 stored in the non-contactIC card 146 is not possible, but it is also possible to ensure that itis possible to change a purchaser (i.e. transfer purchasing information353 to another device) providing the permission of the point-of-purchase20 is received.

For example, as shown in FIG. 29, when a purchaser mobile telephone 11-3constituting a mobile telephone used when purchasing merchandisetransfers purchasing information 353 stored in a non-contact IC card146-3 to a transfer destination mobile telephone 11-4, a transferdestination card identification number (i.e. card identification number351-4) is overwritten (taken to be purchasing information 453) with apurchasing card identification number 353 (i.e. card identificationnumber 351-3) contained in the purchasing information 353, and stored ina non-contact IC card 146-4 of the transfer destination mobile telephone11-4 (arrow 463).

The point-of-purchase server 21 then manages both the purchasing cardidentification number (i.e. card identification number 351-3) and thetransfer destination card identification number (i.e. cardidentification number 351-4), and provides purchasing information 453containing the purchasing card identification number (i.e. cardidentification number 351-4) when a request is made to thepoint-of-receipt server 31 for purchasing information.

The user of the transfer destination mobile telephone 11-4 is thenauthenticated as the rightful purchaser of the merchandise (arrow 465and arrow 466) as a result of the point-of-receipt server 31 confirmingthe card identification number 351-4 of the non-contact IC card 146-4 ofthe transfer destination mobile telephone 11-4 and the purchasinginformation 453 using the purchasing information 453.

Next, a description is given of transfer processing by the purchasermobile telephone 11-3 of FIG. 29 with reference to the flowcharts ofFIG. 30 and FIG. 31. In the following, the configuration of thepurchaser mobile telephone 11-3 and the transfer destination mobiletelephone 11-4 is the same as the configuration of the mobile telephone11 and FIG. 2 to FIG. 6 may also be cited for the configuration of thepurchaser mobile telephone 11-3 and the transfer destination mobiletelephone 11-4.

First, in step S231, the main control unit 131 of the purchaser mobiletelephone 11-3 makes a request to the point-of-purchase server 21 viathe network 10 for permission to transfer the purchasing information353.

As described in the following, the point-of-purchase server 21 that hasacquired the transfer permission requests the purchasing information 353stored in the non-contact IC card 146-3 of the purchaser mobiletelephone 11-3 and card identification number information containing thecard identification number 351-3.

In step S232, the main control unit 131 of the purchaser mobiletelephone 11-3 determines whether or not a request for this purchasinginformation 353 and card identification number information has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that a request for the purchasing information 353and card identification number information has been acquired, in stepS233 the main control unit 131 provides the purchasing information 353and card identification number information to the point-of-purchaseserver 21 via the network 10.

As described in the following, when the point-of-purchase server 21 thathas acquired the purchasing information 353 and card identificationnumber information has carried out authentication of the acquiredpurchasing information 353 using the card identification number 351-3contained in the acquired card identification number information so asto authenticate the purchasing information 353, card identificationnumber information containing the card identification number 351-4 ofthe transfer destination of the purchasing information 353 is requested.

In step S234, the main control unit 131 of the purchaser mobiletelephone 11-3 determines whether or not a request for this cardidentification number information of the transfer destination has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that a request for the card identification numberinformation of the transfer destination has been acquired, the maincontrol unit 131 advances processing to step S235, a determination ismade as to whether or not the transfer destination mobile telephone 11-4is within communication range of short-range wireless communication bythe non-contact IC card 146-3, and determination that this is the caseis awaited.

When the purchaser mobile telephone 11-3 and the transfer destinationmobile telephone 11-4 are close to each other so that the non-contact ICcard 146-4 is positioned within the communication range of thenon-contact IC card 146-3, the CPU 161 of the non-contact IC card 146-3detects the non-contact IC card 146-4 and notifies the main control unit131 via antenna 170.

When the main control unit 131 of the purchaser mobile telephone 11-3determines that the transfer destination mobile telephone 11-4 ispresent within the communication range of short-range wirelesscommunication by the non-contact IC card 146-3 based on informationprovided by the CPU 161, the main control unit 131 advances theprocessing to step S236, controls the non-contact IC card 146-3, andmakes a request to the transfer destination mobile telephone 11-4 forcard identification number information containing the cardidentification number 351-4 using short-range wireless communication.

The transfer destination mobile telephone 11-4 that has been requestedfor the card identification number information, as described in thefollowing, provides the requested card identification number informationto the purchaser mobile telephone 11-3 using short-range wirelesscommunication.

In step S237, the main control unit 131 of the purchaser mobiletelephone 11-3 controls the non-contact IC card 146-3 so as to determinewhether or not the card identification number information of thetransfer destination has been acquired, and waits until it is determinedthat acquisition has taken place.

When it is determined that card identification number information forthe transfer destination has been acquired, the main control unit 131advances processing to step S238, and the card identification numberinformation acquired for the transfer destination is provided to thepoint-of-purchase server 21 via the network 10.

As described in the following, the point-of-purchase server 21 that hasacquired the card identification number information of the transferdestination updates the purchasing information 353 using the cardidentification number 351-4 contained in the acquired cardidentification number information, generates purchasing information 453containing the card identification number 351-4, and provides this tothe purchaser mobile telephone 11-3 together with the purchasinginformation rewriting key 361.

In step S239, the main control unit 131 of the purchaser mobiletelephone 11-3 determines whether or not the updated purchasinginformation 453 and purchasing information rewriting key 361 have beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that the updated purchasing information 453 andpurchasing information rewriting key 361 have been acquired, the maincontrol unit 131 advances processing to step S241 of FIG. 31, adetermination is made as to whether or not the transfer destinationmobile telephone 11-4 is within communication range of short-rangewireless communication by the non-contact IC card 146-3, anddetermination that this is the case is awaited.

When it is determined that the transfer destination mobile telephone11-4 is within communication range, the main control unit 131 advancesprocessing to step S242, controls the non-contact IC card 146-4, andprovides the updated purchasing information 453 and purchasinginformation rewriting key 361 to the transfer destination mobiletelephone 11-4 using short-range wireless communication.

As described in the following, the transfer destination mobile telephone11-4 provided with the purchasing information 453 and the purchasinginformation rewriting key 361 records the updated purchasing information453 in the non-contact IC card 146-4 using the acquired purchasinginformation rewriting key 361. When recording is complete, thepurchasing information rewriting key 361 is deleted, and completion ofwriting is provided to the purchaser mobile telephone 11-3.

In step S243, the main control unit 131 of the purchaser mobiletelephone 11-3 controls the non-contact IC card 146-3 so as to determinewhether or not notification of completion of writing has been acquired,and waits until it is determined that acquisition has taken place.

When it is determined that notification of completion of writing hasbeen acquired, the main control unit 131 advances processing to stepS244 and provides the acquired notification of completion of writing tothe point-of-purchase server 21.

The point-of-purchase server 21 that has acquired the notification ofcompletion of writing provides the purchasing information rewriting key361 to the purchaser mobile telephone 11-3 and requests deletion of thepurchasing information 353.

In step S245, the main control unit 131 of the purchaser mobiletelephone 11-3 determines whether or not a request for deletion of thepurchasing information has been acquired from the point-of-purchaseserver 21, and waits until it is determined that acquisition has takenplace.

When it is determined that a request to delete purchasing informationhas been acquired, the main control unit 131 advances processing to stepS246 and deletes the purchasing information 353 stored in thenon-contact IC card 146-3 using the purchasing information rewriting key361.

When deletion is complete, in step S247, the main control unit 131provides deletion completion notification to the point-of-purchaseserver 21, and transfer processing is complete.

Next, transfer processing by the point-of-purchase server 21 executedcorresponding to transfer processing by the mobile telephone 11-3 asdescribed above is described with reference to the flowcharts of FIG. 32and FIG. 33.

In step S261, the CPU 201 of the point-of-purchase server 21 controlsthe communication unit 224 so as to determine whether or not a transferpermission request has been acquired from the purchaser mobile telephone11-3, and waits until it is determined that acquisition has taken place.

When it is determined that a transfer permission request has beenacquired, the CPU 201 advances the processing to step S262, and arequest is made to the purchaser mobile telephone 11-3 for thepurchasing information 353 and the card identification numberinformation containing the card identification number 351-3.

In step S233 of FIG. 3, the purchaser mobile telephone 11-3 requestedfor the purchasing information 363 and the card identification numberinformation then provides the requested purchasing information 353 andcard identification number information.

In step S263, the CPU 201 controls the communication unit 224 so as todetermine whether or not the purchasing information 353 and cardidentification number information has been acquired, and waits until itis determined that acquisition has taken place.

When it is determined that the purchasing information 353 and the cardidentification number information, the CPU 201 advances processing tostep S264, purchasing information 353 corresponding to (having the samepurchasing identifier as) the acquired purchasing information isretrieved from the storage unit 223, and the purchasing information 353provided by the purchaser mobile telephone 11-3 and card identificationnumber 351-3 contained in the card identification number information areauthenticated using the retrieved purchasing information 353.

In step S65, the CPU 201 determines whether or not the purchasinginformation 353 and card identification number 351-3 are authenticated.

When it is determined that the individual information 353 isauthenticated, the CPU 201 advances processing to step S266, controlsthe communication unit 224, and makes a request to the purchaser mobiletelephone 11-3 for card identification number information containing thecard identification number 351-4 of the transfer destination.

In step S238 of FIG. 30, the purchaser mobile telephone 11-3 providesthe requested card identification number information of the transferdestination to the point-of-purchase server 21.

In step S267, the CPU 201 controls the communication unit 224 so as todetermine whether or not card identification number information of thetransfer destination has been acquired, and waits until it is determinedthat acquisition has taken place.

When it is determined that card identification number information of thetransfer destination has been acquired, the CPU 201 advances processingto step S271 of FIG. 33, and the purchasing information 353 is updatedusing the card identification number 351-4 contained in the acquiredcard identification number information of the transfer destination usingthe purchasing information rewriting key 361. Specifically, the CPU 201overwrites the transfer destination card identification number (cardidentification number 351-4) with the identification number of thepurchasing card contained in the purchasing information 353 so as togenerated updated purchasing information 453.

Then, in step S272, the CPU 201 provides the updated purchasinginformation 453 to the purchaser mobile telephone 11-3 together with thepurchasing information rewriting key 361.

The purchaser mobile telephone 11-3 that has acquired the updatedpurchasing information 453 and the purchasing information rewriting key361 then provides the updated purchasing information 453 and thepurchasing information rewriting key 361 to the transfer destinationmobile telephone 11-4 for recording.

When notification of completion of writing is acquired by the transferdestination mobile telephone 11-4, in step S244 of FIG. 31, thepurchaser mobile telephone 11-3 provides the notification of completionof writing.

In step S273, the CPU 201 controls the communication unit 224 so as todetermine whether or not notification of completion of writing has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that notification of completion of writing hasbeen acquired, the CPU 201 advances processing to step S274, thepurchasing information rewriting key 361 is provided to the purchasermobile telephone 11-3, and a request for deletion of the purchasinginformation 353 is made to the purchaser mobile telephone 11-3.

After the purchasing information 353 is deleted, in step S247 of FIG.31, the purchaser mobile telephone 11-3 provides deletion completionnotification to the point-of-purchase server 21.

In step S275, the CPU 201 controls the communication unit 224 so as todetermine whether or not deletion completion notification has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that deletion completion notification has beenacquired, the CPU 201 advances processing to step S276 of FIG. 33.

When it is determined in step S265 of FIG. 32 that purchasinginformation is not authenticated, the CPU 201 advances processing tostep S268, and processing of step S276 is proceeded to after carryingout prescribed error processing.

In step S276, the CPU 201 determines whether or not the transferprocessing is complete. When it is determined not to be complete, theCPU 201 returns processing to step S261 of FIG. 32, and the process fromthere onwards is repeated.

Further, when completion of the transfer processing is determined instep S276, the CPU 201 ends transfer processing.

Next, a description is given with reference to the flowchart of FIG. 34of transfer processing by the purchaser mobile telephone 11-3 andtransfer processing by the transfer destination mobile telephone 11-4executed to correspond to the transfer processing by thepoint-of-purchase server 21.

First, in step S291, the main control unit 131 of the transferdestination mobile telephone 11-4 controls the non-contact IC card 146-4so that, as a result of the processing of step S236 of FIG. 30, adetermination is made as to whether or not a request for cardidentification number information has been acquired from the purchasermobile telephone 11-3, with a determination this has been acquired thenbeing awaited.

When it is determined that a request for the card identification numberinformation has been acquired, the main control unit 131 advancesprocessing to step S292, controls the non-contact IC card 146-4, makes adetermination as to whether or not the purchaser mobile telephone 11-3is within communication range of short-range wireless communication bythe non-contact IC card 146-4, and awaits a determination that this isthe case.

When the purchaser mobile telephone 11-3 and the transfer destinationmobile telephone 11-4 are close to each other so that the non-contact ICcard 146-3 is positioned within the communication range of thenon-contact IC card 146-4, the CPU 161 of the non-contact IC card 146-4detects the non-contact IC card 146-3 and notifies the main control unit131 via the antenna 170.

When it is determined that the purchaser mobile telephone 11-3 is withincommunication range based on information provided by the CPU 161, themain control unit 131 of the transfer destination mobile telephone 11-4advances processing to step S293, and card identification numberinformation containing the requested card identification number 351-4 isprovided to the purchaser mobile telephone 11-3 using short-rangewireless communication by the non-contact IC card 146-4.

In step S242 of FIG. 31, the purchaser mobile telephone 11-3 providesthe updated purchasing information 453 and purchasing informationrewriting key 361 provided by the point-of-purchase server 21 to thetransfer destination mobile telephone 11-4.

In step S294, the main control unit 131 of the transfer destinationmobile telephone 11-4 determines whether or not the purchasinginformation 453 updated by the purchaser mobile telephone 11-3 andpurchasing information rewriting key 361 have been acquired, and waitsuntil it is determined that acquisition has taken place.

When it is determined that the updated purchasing information 453 andthe purchasing information rewriting key 361 have been acquired, themain control unit 131 advances the processing to step S295 and recordsthe updated purchasing information 453 using the acquired purchasinginformation rewriting key 361.

The main control unit 131 advances the processing to step S296, controlsthe non-contact IC card 146-4, makes a determination as to whether ornot the purchaser mobile telephone 11-3 is within communication range ofshort-range wireless communication by the non-contact IC card 146-4, andawaits a determination that this is the case.

When it is determined that the purchaser mobile telephone 11-3 is withincommunication range, the main control unit 131 advances processing tostep S287, provides notification of completion of writing to thepurchaser mobile telephone 11-3 after deleting the purchasinginformation rewriting key 361, and ends transfer processing.

As described in the above, it is possible to transfer purchasinginformation from the purchaser mobile telephone 11-3 to the transferdestination mobile telephone 11-4 by having the point-of-purchase server21 permit transfer.

In the above, a description is given where the point-of-receipt server31 of the point of receipt 30 holds the purchasing information rewritingkey 361, with the purchasing information 353 stored in the non-contactIC card 146 being deleted after delivery of the merchandise. However,the present invention is by no means limited in this respect, and thiselectronic commercial transaction system may be simplified by not havingthe point-of-receipt server 31 delete the purchasing information.

FIG. 35A to FIG. 35D are views showing examples of data held in themobile telephone 11, point-of-purchase server 21, point-of-receiptserver 31, and authentication server 41 respectively in a state beforethe user of the mobile telephone 11 of FIG. 1 purchases merchandise.

Comparing with the case of FIG. 11A to FIG. 11D, the mobile telephone 11shown in FIG. 35A is the same as the mobile telephone 11 of FIG. 11A, arewriting key is not held, and the point-of-purchase server 21 of FIG.35B is the same as the point-of-purchase server 21 of FIG. 11B, and apurchasing information rewriting key 361 is held.

The point-of-receipt server 31 of FIG. 35C is different from the case ofFIG. 11C in that the purchasing information rewriting key 361 is notheld. In this case, as described in the following, the temporarycommercial transaction information 391 is also not used and thepoint-of-receipt server 31 also does not hold the temporary commercialtransaction information rewriting key 362.

Similarly, the authentication server 41 of FIG. 35D holds the usertrustworthiness rewriting key 363 but differs from the case in FIG. 11Din that a temporary commercial transaction information rewriting key 362is not held.

Next, a description is given of a further example of the flow ofprocessing of the mobile telephone 11, point-of-purchase server 21 andauthentication server 41 relating to the sale of merchandise in theelectronic commercial transaction system of FIG. 1, as shown in FIG. 36.

In the case of FIG. 36 also, the flow of processing relating to the saleof merchandise is substantially the same as for the case shown in FIG.12.

Namely, the mobile telephone 11 acquires store trustworthiness of thepoint-of-purchase 20 from the authentication server 41 (arrow 481 andarrow 482) and an order for the merchandise is placed with thepoint-of-purchase server 21 (arrow 483) after confirming whether or notthe point-of-purchase 20 can be trusted. The user trustworthiness 352 isthen supplied to the point-of-purchase server 21 based on this request(arrow 484 and arrow 485), the card identification number 351 isprovided to the point-of-purchase server 21 (arrow 486 and arrow 487),and purchasing information 353 corresponding to the commercialtransaction for this time is acquired (arrow 488).

However, after this, differing from the case of FIG. 12, thepoint-of-purchase server 21 provides the purchasing informationrewriting key 361 to the mobile telephone 11 an instructs the deletionof the purchasing information 353 (old purchasing information 353 thatis no longer of use) corresponding to the previous commercialtransaction (arrow 489).

The mobile telephone 11 then deletes the purchasing information 353corresponding to the previous commercial transaction based on thisinstruction, and provides deletion completion notification to thepoint-of-purchase server 21 (arrow 490). The point-of-purchase server 21receives this, provides notification of completion of processing to themobile telephone 11 (arrow 491) and completes processing related tosales.

The following is a description with reference to the flowcharts of FIG.37 to FIG. 39 of purchasing processing of the mobile telephone 11. Adescription is now given corresponding to the flowcharts FIG. 13 andFIG. 14 as necessary.

The processing from step S311 of FIG. 37 to step S334 of FIG. 39 by themain control unit 131 of the mobile telephone 11 corresponds to theprocessing of step S1 of FIG. 13 to step S29 of FIG. 14, is the sameprocessing, and is therefore omitted from this description.

Namely, in step S311 to step S313 of FIG. 37, the main control unit 131acquires purchasing information from the point-of-purchase server 21 anddisplays this at the liquid crystal display 115, and acquires storetrustworthiness information for displaying at the store trustworthinessinformation in step S314 to step S317.

In step S320 and step S321 of FIG. 38, the main control unit 131determines whether or not to purchase merchandise. In step S322 to stepS327, requested user trustworthiness information is provided. In stepS330 and step S331 of FIG. 39, the requested card identification numberinformation is provided. In step S332 to step S334, the providedpurchasing information is recorded, and notification of completion ofwriting is provided to the point-of-purchase server 21.

As described in the following, the point-of-purchase server 21 that hasacquired the notification of completion of writing provides thepurchasing information rewriting key 361 to the mobile telephone 11, anda request is made for purchasing information for which commercialtransaction completion is finished is made.

In step S335, the main control unit 131 of the mobile telephone 11determines whether or not a request for deletion of purchasinginformation for which commercial transaction completion is finished hasbeen acquired from the point-of-purchase server 21, and waits until itis determined that acquisition has taken place.

When it is determined that a request to delete the purchasinginformation rewriting key 361 and purchasing information for whichcommercial transaction completion is finished has been acquired, themain control unit 131 advances the processing to step S336, andpurchasing information 353 stored in the non-contact IC card 146 forwhich commercial transactions have already been completed is deletedusing the acquired purchasing information rewriting key 361.

When deletion is complete, in step S337, the main control unit 131deletes the purchasing information rewriting key 361 and deletioncompletion notification is provided to the point-of-purchase server 21.

In step S338, as in the case of step S30 of FIG. 14, the main controlunit 131 determines whether or not notification of completion ofprocessing provided by the point-of-purchase server 21 has beenacquired, and waits until it is determined that acquisition has takenplace.

When it is determined that notification of completion of processing hasbeen acquired, in step S339, as in the case of step S31 of FIG. 14, themain control unit 131 controls the LCD control unit 136, the acquirednotification of completion of processing is displayed at the liquidcrystal display 115, and purchasing processing is complete.

The authentication server 41 executes store trustworthiness informationproviding processing corresponding with the purchasing processing by themobile telephone 11 described above. However, this processing is thesame as the case described with reference to the flowchart of FIG. 15,and its description is therefore omitted.

Next, purchasing processing by the mobile telephone 11 described aboveand sales processing by the point-of-purchase server 21 executed so asto correspond to the store trustworthiness information providingprocessing by the authentication server 41 is described with referenceto the flowcharts of FIG. 40 and FIG. 41. A description is now givencorresponding to the flowcharts FIG. 16 and FIG. 17 as necessary.

The processing from step S351 of FIG. 40 to step S363 of FIG. 41 by theCPU 201 of the point-of-purchase server 21 corresponds to the processingof step S61 of FIG. 16 to step S75 of FIG. 17, is the same processing,and is therefore omitted from this description.

Namely, in step S351 and step S352 of FIG. 40, the CPU 201 providesmerchandise information based on a request. In step S353, it isdetermined whether or not a request to purchase merchandise is acquired.In step S354 and step S355, user trustworthiness information is acquiredfrom the mobile telephone 11. In step S356, trustworthiness isdetermined, and in step S357, a determination is made as to whether ornot merchandise is sold.

When merchandise is not sold, in step S358, the CPU 201 carries outerror processing. When merchandise is sold, in step S359 and step S360of FIG. 41, card identification number information is acquired from themobile telephone 11. After purchasing/charging processing is carried outin step S361, purchasing information is generated in step S362 and isprovided to the mobile telephone 11.

Next, in step S363, the CPU 201 controls the communication unit 224 soas to determine whether or not notification of completion of writing hasbeen acquired, and waits until it is determined that acquisition hastaken place.

When it is determined that notification of completion of writing hasbeen acquired, the CPU 201 advances processing to step S364, controlsthe communication unit 224, provides the purchasing informationrewriting key 361 to the purchaser mobile telephone 11, and makes arequest for deletion of purchasing information for which commercialtransaction completion is finished to the purchaser mobile telephone 11.

As shown in step S336 of FIG. 39, the main control unit 131 of themobile telephone 11 that has acquired the request for deletion ofpurchasing information for which commercial transaction completion isfinished deletes purchasing information for completed commercialtransaction. When deletion is complete, in step S337, deletioncompletion notification is provided to the point-of-purchase server 21.

In step S365, the CPU 201 of the point-of-purchase server 21 controlsthe communication unit 224 so as to determine whether or not deletioncompletion notification has been acquired, and waits until it isdetermined that acquisition has taken place.

When it is determined that deletion completion notification has beenacquired, the CPU 201 advances processing to step S366, and as in thecase of step S76 of FIG. 17, controls the communication unit 224, andprovides notification of completion of processing to the mobiletelephone 11.

Next, in step S367, as in the case of step S77 of FIG. 17, the CPU 201determines whether or not sales processing is finished. When it isdetermined that the processing is not finished, the processing of stepS351 of FIG. 40 is returned to and processing from there onwards isrepeated.

Further, when it is determined that the sales processing has finished,the CPU 201 ends the sales processing.

In the above, processing relating to purchasing and sale of merchandiseis carried out.

Next, as shown in FIG. 42, a description is given corresponding to thecase of FIG. 18 of the flow of processing occurring at the mobiletelephone 11, point-of-purchase server 21, point-of-receipt server 31and authentication server 41 executed while delivering the merchandise.

In the case in FIG. 42, as in the case in FIG. 18, when the non-contactIC card 146 is positioned with communication range of short-rangewireless communication of the IC card reader/writer 275, thepoint-of-receipt server 31 the mobile telephone 11 is in the proximityof makes a request to (arrow 501) and acquires from (arrow 502) themobile telephone 11 purchasing information 353 and the cardidentification number 351.

A request is then made to the point-of-purchase server 21 for purchasinginformation 353 corresponding to the acquired purchasing information 353(arrow 503), and this is acquired (arrow 504). The purchasinginformation 353 and card identification number 351 acquired from themobile telephone 11 are then authenticated using the purchasinginformation 353 acquired from the point-of-purchase server 21 andnotification of completion of processing is provided to thepoint-of-purchase server 21 (arrow 505).

When notification of completion of processing is provided to thepoint-of-purchase server 21, the processing is completed without thepoint-of-receipt server 31 instructing the mobile telephone 11 to deletethe purchasing information 353 or providing the temporary commercialtransaction information 391 as in the case in FIG. 18.

Differing from the case of FIG. 18, when notification of completion ofprocessing is acquired, the point-of-purchase server 21 providespurchasing information 353 to the authentication server 41. When thepurchasing information 353 is acquired, the authentication server 41updates the store trustworthiness information 354 based on thispurchasing information 353.

A description is now given with reference to the flowchart of FIG. 43 ofmerchandise receipt processing performed by the mobile telephone 11executed while handing over merchandise as described above. Adescription is now given corresponding to the flowchart FIG. 19 asnecessary.

The processing of step S381 and step 382 of FIG. 43 by the main controlunit 131 of the mobile telephone 11 corresponds to the processing ofstep S91 and step S92 of FIG. 19, is the same processing, and istherefore omitted from this description.

Namely, in step S381, the main control unit 131 of the mobile telephone11 controls the non-contact IC card 146 so as to determine whether ornot a request for card identification number information containing thepurchasing information 353 and card identification number 351 has beenacquired from the point-of-receipt server 31, and waits until it isdetermined that acquisition has taken place.

When it is determined that a request for the purchasing information 353and the card identification number information has been acquired, instep S 382, the main control unit 131 controls the non-contact IC card146, and provides card identification number information containing thepurchasing information 353, and card identification number 351 to thepoint-of-receipt server 31.

When the purchasing information 353 and the card identification numberinformation are provided to the point-of-receipt server 31, differentlyfrom the case of FIG. 19, the main control unit 131 ends merchandisereceipt processing.

Next, a description is given with reference to the flowchart of FIG. 44of merchandise delivery processing performed by the point-of-receiptserver executed so as to correspond with the merchandise receiptprocessing of the mobile telephone 11. A description is now givencorresponding to the flowcharts FIG. 20 and FIG. 21 as necessary.

The processing from step S401 to step S409 of FIG. 44 by the CPU 251 ofthe point-of-receipt server 31 corresponds to the processing of stepS111 to step S120 of FIG. 20, is the same processing, and is thereforeomitted from this description.

Namely, in step S401 to step S403 of FIG. 44, the CPU 251 makes arequest to and acquires from the mobile telephone 11 the purchasinginformation 353 and the card identification number information. In theprocessing of step S404 and step S405, purchasing informationcorresponding to (having the same purchasing identifier as) thepurchasing information 353 acquired from the mobile telephone 11 isrequested from the point-of-purchase server 21 and is acquired.

In step S406 and step S407, the CPU 251 carries out authenticationprocessing. In the case of authentication, the processing advances tostep S408, notification of completion of processing is provided to thepoint-of-purchase server 21 and the processing advances to step S410.When there is no authentication, processing advances to step S409, errorprocessing is carried out, and processing advances to step S410.

In step S410, as in the case of step S134 of FIG. 21, the CPU 251 of thepoint-of-receipt server 31 determines whether or not merchandisedelivery processing is complete. When it is determined not to becomplete, the CPU 251 returns processing to step S401, and the processfrom there onwards is repeated. Further, when it is determined that theprocessing is complete, the CPU 251 ends the merchandise deliveryprocessing.

The following is a description with reference to the flowchart of FIG.45 of purchasing information providing processing performed by thepoint-of-purchase server 21. A description is now given corresponding tothe flowchart FIG. 22 as necessary.

The processing from step S431 to step S433 of FIG. 45 by thepoint-of-purchase server 21 corresponds to the processing of step S151to step S153 of FIG. 22, is the same processing, and is thereforeomitted from this description.

Namely, in step S431, the CPU 201 of the point-of-purchase server 21determines whether or not a request for the purchasing information 353is acquired from the point-of-receipt server 31 and awaits determinationthat this is the case. When this is determined to be acquired,processing advances to step S432, and the requested purchasinginformation is supplied to the point-of-receipt server 31.

In step S433, the CPU 201 determines whether or not notification ofcompletion of confirmation processing has been acquired from thepoint-of-receipt server 31, and waits until it is determined thatacquisition has taken place.

When it is determined that notification of completion of confirmationprocessing is acquired, the CPU 201 advances processing to step S434,controls the communication unit 224, and provides the same purchasinginformation 353 as is provided to the point-of-receipt server 31 to theauthentication server 41.

In step S435, the CPU 201 determines whether or not purchasinginformation providing processing is finished. When it is determined thatthe processing is not finished, processing returns to step S431 andprocessing from there onwards is repeated.

Further, when it is determined that the processing has finished, the CPU201 ends the purchasing information providing processing.

Store trustworthiness update processing performed by the authenticationserver 41 executed so as to correspond to purchasing informationproviding processing performed by the point-of-purchase server 21described above is described with reference to the flowchart of FIG. 46.

First, in step S451, the CPU 311 of the authentication server 41controls the communication unit 324, a determination is made as towhether or not purchasing information 353 provided by thepoint-of-purchase server 31 via the network 10 has been acquired, and adetermination that this has been acquired is awaited.

When it is determined that the purchasing information 353 has beenacquired, the CPU 311 advances processing to step S452, calculates theextent of change in store trustworthiness 354 for this time based on theacquired purchasing information 353, and updates the storetrustworthiness 354 stored in the storage unit 323.

The CPU 311 for which the store trustworthiness 354 has been updated theadvances the processing to step S453 and determines whether or notprocessing is complete. When processing is determined not to becomplete, step S451 is returned to, and processing from there onwards isrepeated. Further, when it is determined that the processing iscomplete, the CPU 311 ends the store trustworthiness update processing.

In the above, processing relating to handing over of merchandise iscarried out.

Next, as shown in FIG. 47, a description is given corresponding to thecase of FIG. 24 of the flow of processing by the mobile telephone 11 andthe authentication server 41 relating to updating of usertrustworthiness.

In FIG. 47, as with the case in FIG. 24, the mobile telephone 11accesses the authentication server 41 (arrow 511), but in a point ofdifference with the case of FIG. 24, the authentication server 41 doesnot request temporary commercial transaction information, but doesrequest (arrow 512) and acquire (arrow 513) user trustworthinessinformation. The authentication server 41 then updates the usertrustworthiness 352 contained in the acquired user trustworthinessinformation based on the purchasing information 353 provided by thepoint-of-purchase server 21 and provides this to (arrow 514) and storesthis in the mobile telephone 11.

When the user trustworthiness 352 contained in the acquired usertrustworthiness information is stored, the mobile telephone 11 providesnotification of completion of writing to the authentication server 41(arrow 515). When notification of completion of writing is acquired, theauthentication server 41 provides notification of completion ofprocessing to the mobile telephone 11 (arrow 516) and processing iscomplete.

Trustworthiness operation processing carried out by the mobile telephone11 executed when updating the user trustworthiness as described above isnow described with reference to the flowchart of FIG. 48. A descriptionis now given corresponding to the flowcharts FIG. 25 and FIG. 26 asnecessary.

First, in step S471, as in the case of step S171 of FIG. 25, the maincontrol unit 131 of the mobile telephone 11 accesses the authenticationserver 41 via the network 10.

As described in the following, rather than requesting the temporarycommercial transaction information 391, the authentication server 41requests user trustworthiness information containing the usertrustworthiness 352 stored in the non-contact IC card 146.

In step S472 to step S476, the main control unit 131 of the mobiletelephone 11 carries out the same processing as in the case of step S174of FIG. 25 to step S181 of FIG. 26.

Namely, in step S472, as in the case of step S174 of FIG. 25, the maincontrol unit 131 determines whether or not a request for usertrustworthiness information has been acquired, and waits until it isdetermined that acquisition has taken place.

When a request for user trustworthiness information is acquired, themain control unit 131 advances processing to step S473, and as in thecase of step S275 of FIG. 25, the requested user trustworthinessinformation containing the user trustworthiness 352 is provided to theauthentication server 41.

In step S474, as in the case of step S176 of FIG. 25, the main controlunit 131 determines whether or not a request for user trustworthinessinformation containing the updated user trustworthiness 352 and the usertrustworthiness rewriting key 363 has been acquired, and waits until itis determined that acquisition has taken place.

When it is determined that the user trustworthiness information has beenacquired, the main control unit 131 advances processing to step S475,and as in the case of step S177 of FIG. 25, the user trustworthiness 352recorded in the non-contact IC card 146 is updated by overwriting withthe updated user trustworthiness 352 using the user trustworthinessinformation rewriting key 363 contained in the acquired usertrustworthiness information.

In step S476, as in the case of step S181 of FIG. 26, the main controlunit 131 with the updated user trustworthiness 352 recorded in thenon-contact IC card 146 provides notification of completion of writingto the authentication server 41.

As described in the following, the authentication server 41 thenprovides notification of completion of processing to the mobiletelephone 11 without requesting deletion of the temporary commercialtransaction information 391.

Namely, in step S477, as in the case of step S185 of FIG. 26, the maincontrol unit 131 of the mobile telephone 11 determines whether or notnotification of completion of processing has been acquired, and waitsuntil it is determined that acquisition has taken place.

When it is determined that notification of completion of processing hasbeen acquired, the main control unit 131 completes the trustworthinessoperation processing.

A description is given with reference to the flowchart of FIG. 49 oftrustworthiness operation processing of the authentication server 41carried out in such a manner as to correspond with trustworthinessoperation processing of the mobile telephone 11 described above.

First, in step S491, as in the case of step S201 of FIG. 27, the CPU 311of the authentication server 41 controls the communication unit 324, itis determined whether or not there has been an access by the mobiletelephone 11, and determination that an access has been made is awaited.When it is determined that an access has been made, the CPU 311 advancesprocessing to step S492.

The processing from step S492 to step S496 of FIG. 49 by the CPU 311corresponds to the processing of step S205 of FIG. 27 to step S211 ofFIG. 28, is the same processing, and is therefore omitted from thisdescription.

Namely, in step S492, the CPU 311 requests user trustworthinessinformation containing user trustworthiness 352 stored in thenon-contact IC card 146. In step S493, a determination is made as towhether or not the requested user trustworthiness information has beenacquired, and a determination of acquisition is awaited. When it isdetermined that the requested user trustworthiness information has beenacquired, in step S494, the user trustworthiness 352 is updated based onthe purchasing information 353 stored in the storage unit 323. In stepS495, the updated user trustworthiness information is provided to themobile telephone 11.

Next, in step S496, the communication unit 324 is controlled and whetheror not notification of completion of writing provided by the mobiletelephone 11 has been acquired is determined, with determination thatacquisition has taken place then being awaited. When this is determinedto have been acquired, the CPU 311 does not request deletion oftemporary commercial transaction as in the case in FIG. 28, but ratheradvances to step S497 and provides notification of completion ofprocessing to the mobile telephone 11.

Next, in step S498, as in the case of step S215 of FIG. 28, the CPU 311determines whether or not processing is finished. When it is determinedthat the processing is not finished, the processing returns to step S491and processing from there onwards is repeated.

Further, when it is determined that the processing is complete, the CPU311 ends the trustworthiness operation processing.

In this way, the results of processing purchasing information can bereflected in user trustworthiness.

In the above, it is possible to implement a basic service wheretemporary commercial transaction information is not used by not havingthe point-of-receipt server 31 delete the purchasing information 353 ofthe mobile telephone 11 and by having the authentication server 41update the user trustworthiness of the mobile telephone 11 based on thepurchasing information.

In the above, a description is given where the purchaser of themerchandise acquires purchasing information 353 using the mobiletelephone 11, and authentication processing is then carried out usingthe acquired purchasing information 353 when receiving the merchandise.However, the device used by the purchase may be any mobile communicationterminal device such as, for example, a PDA (Personal Digital Assistant)etc.

The series of processes described above are executed using hardware, butmay also be executed using software. When the series of processes isimplemented using software, the programs comprising this software may bebuilt-into dedicated hardware of a computer. Further, as it is possibleto implement various functions by installing the various programs,installation is also possible from a network or recording medium to, forexample, a general-purpose personal computer.

As shown in FIGS. 4, 7, 8 and 10, in addition to this recording mediumfor distribution providing programs to the users that is separate fromthe device body being comprised of magnetic discs 151, 231, 281 and 331(including flexible discs) recorded with the programs, optical discs152, 232, 282 and 332 (including CD-ROMs (Compact Disk-Read Only Memory)and DVDs (Digital Versatile Discs), magneto-optical discs 153, 233, 283and 333 (including MDs (Mini-Discs) (trademark)), or packaged media suchas semiconductor memory 154, 234, 284 and 334 etc., the programs mayalso be provided to the users in a manner built-into the device body,such as in the case of ROM 202, 252 and 312 recorded with the programsor with hard discs containing storage unit 223, 273 and 323 etc.

In this specification, the steps described by programs recorded inrecording media are for processing carried out in chronological order inthe order disclosed but this processing by no means has to be carriedout in chronological order, and these processes may also be executed inparallel or individually.

In the above, “system” refers to the overall device configured from aplurality of devices.

INDUSTRIAL APPLICABILITY

According to the first information processing system of the presentinvention described above, it is possible to carry out electroniccommercial transactions. In particular, it is possible to easilyauthenticate a purchaser of merchandise and more secure electroniccommercial transactions can be carried out in a straightforward manner.

According to the second information processing system of the presentinvention described above, it is possible to carry out electroniccommercial transactions. In particular, it is possible to be aware ofthe trustworthiness of a commercial transaction target and more securecommercial transactions can easily be carried out.

Further, according to an information communication terminal and method,first recording medium and first program of the present invention, it ispossible to carry out more secure electronic commercial transactions ina straightforward manner. In particular, it is possible to holdpurchasing information indicating purchased merchandise.

Moreover, according to a first information processing apparatus andmethod, second recording medium and second program of the presentinvention, it is possible to carry out more secure electronic commercialtransactions in a straightforward manner. In particular, it is possibleto authenticate a rightful purchaser of merchandise using purchasinginformation indicating purchased merchandise.

Further, according to a second information processing apparatus andmethod, third recording medium and third program of the presentinvention, it is possible to carry out more secure electronic commercialtransactions in a straightforward manner. In particular, it is possibleto manage trustworthiness of stores selling merchandise andtrustworthiness of purchasers purchasing merchandise.

1. An information processing system comprising: an informationcommunication terminal connected to a network, for holding informationrelating to a commercial transaction; a first information processingapparatus connected to said network, for managing information relatingto said commercial transaction; and a second information processingapparatus connected to said network, for managing information relatingto trustworthiness of a first user of said information communicationterminal and information relating to trustworthiness of a second user ofsaid first information processing apparatus; wherein said informationcommunication terminal comprises: a non-contact IC card that utilizeselectromagnetic induction for communication, an identification number ofthe non-contact IC card being included in the information relating tothe commercial transaction upon receiving a product of the commercialtransaction, a first storage unit that stores information relating totrustworthiness of said first user; a first providing unit that providesinformation relating to trustworthiness of said first user to said firstinformation processing apparatus directly by short-range wirelesscommunication; a first acquiring unit that acquires information relatingto trustworthiness of said second user from said second informationprocessing apparatus; a second acquiring unit that acquires informationrelating to said commercial transaction from said first informationprocessing apparatus directly by short-range wireless communication; asecond providing unit that provides trustworthiness of said first userand information relating to said commercial transaction to said secondinformation processing apparatus; and a third acquiring unit thatacquires information relating to trustworthiness of said first userupdated by said second information processing apparatus, wherein saidfirst information processing apparatus comprises: a fourth acquiringunit that acquires information relating to trustworthiness of said firstuser from said information communication terminal directly byshort-range wireless communication; and a third providing unit thatprovides information relating to said commercial transaction to saidinformation communication terminal directly by short-range wirelesscommunication; and wherein said second information processing apparatuscomprises: a second storage unit that stores information relating totrustworthiness of said second user; a fourth providing unit thatprovides information relating to trustworthiness of said second user tosaid information communication terminal; a fifth acquiring unit thatacquires information relating to said first user from said informationcommunication terminal and information relating to said commercialtransaction; an updating unit that updates information relating to saidfirst user and information relating to trustworthiness of said seconduser based on information relating to said commercial transaction; and afifth providing unit that provides said information relating totrustworthiness of said first user updated by said updating unit to saidinformation communication terminal, wherein the non-contact IC cardstores purchasing information of said commercial transaction in a firstlocation in the non-contact IC card, the purchasing information includesa purchasing identifier, a payment identifier, and the identificationnumber of the non-contact IC cards, and the non-contact IC card alsostores the identification number in a second location different from thefirst location in the non-contact IC card, and wherein a one-timepassword is required each time the information relating to saidcommercial transaction is updated so that an illegal duplication orfalsification is prevented.
 2. An information communication terminalcomprising: a first acquiring unit that acquires information relating toa commercial transaction employed in user authentication during productpurchasing; a storage unit that stores information relating to saidcommercial transaction acquired by said first acquiring unit; and afirst providing unit that provides said information relating to saidcommercial transaction during receipt of product directly by short-rangewireless communication; a second acquiring unit that acquires keyinformation required for editing information relating to said commercialtransaction; and a deleting unit that deletes information relating tosaid commercial transaction, by using said key information, wherein theinformation communication terminal further comprises a non-contact ICcard that utilizes electromagnetic induction for communication, anidentification number of the non-contact IC card being included in theinformation relating to the commercial transaction upon receiving aproduct of the commercial transaction, and wherein the non-contact ICcard stores purchasing information of said commercial transaction in afirst location in the non-contact IC card, the purchasing informationincludes a purchasing identifier, a payment identifier, and theidentification number of the non-contact IC cards, and the non-contactIC card also stores the identification number in a second locationdifferent from the first location in the non-contact IC card, andwherein a one-time password is required each time the informationrelating to said commercial transaction is updated so that an illegalduplication or falsification is prevented.
 3. An informationcommunication terminal comprising: a first storage unit that storesinformation relating to trustworthiness of a user decided based onresults of past commercial transactions of said user; a first providingunit that provides said information relating to trustworthiness of saiduser directly by short-range wireless communication; a first acquiringunit that acquires information relating to a commercial transactionemployed in user authentication during product purchasing; a secondstorage unit that stores information relating to said commercialtransaction; and a second providing unit that provides informationrelating to said commercial transaction during product purchasing,wherein the information communication terminal further comprises anon-contact IC card that utilizes electromagnetic induction forcommunication, an identification number of the non-contact IC card beingincluded in the information relating to the commercial transaction uponreceiving a product of the commercial transaction, and wherein thenon-contact IC card stores purchasing information of said commercialtransaction in a first location in the non-contact IC card, thepurchasing information includes a purchasing identifier, a paymentidentifier, and the identification number of the non-contact IC cards,and the non-contact IC card also stores the identification number in asecond location different from the first location in the non-contact ICcard, and wherein a one-time password is required each time theinformation relating to said commercial transaction is updated so thatan illegal duplication or falsification is prevented.
 4. The informationcommunication terminal according to claim 3, further comprising: asecond acquiring unit that acquires key information required to editinformation relating to trustworthiness of said user; and said firststorage unit stores information relating to trustworthiness of said userusing said key information.
 5. The information communication terminalaccording to claim 3, further comprising: a password input unit thatinputs a password permitting providing information relating totrustworthiness of said user; and an authentication unit thatauthenticates said password; wherein said first providing unit providesinformation relating to trustworthiness of said user if said password isauthenticated made by said authentication unit.
 6. An informationcommunication terminal comprising: a first acquiring unit that acquiresinformation relating to a commercial transaction employed in userauthentication during product purchasing; a storage unit that storesinformation relating to said commercial transaction; and a firstproviding unit that provides said information relating to saidcommercial transaction during receipt of product directly by short-rangewireless communication; a second acquiring unit that acquiresinformation relating to trustworthiness of a commercial transactiontarget of said commercial transaction constituted by said user of saidfirst information processing apparatus from a second informationprocessing apparatus separate from said first information processingapparatus; and a display unit that displays information relating totrustworthiness of said commercial transaction target, wherein theinformation communication terminal further comprises a non-contact ICcard that utilizes electromagnetic induction for communication, anidentification number of the non-contact IC card being included in theinformation relating to the commercial transaction upon receiving aproduct of the commercial transaction, and wherein the non-contact ICcard stores purchasing information of said commercial transaction in afirst location in the non-contact IC card, the purchasing informationincludes a purchasing identifier, a payment identifier, and theidentification number of the non-contact IC cards, and the non-contactIC card also stores the identification number in a second locationdifferent from the first location in the non-contact IC card, andwherein a one-time password is required each time the informationrelating to said commercial transaction is updated so that an illegalduplication or falsification is prevented.
 7. The informationcommunication terminal according to claim 6, further comprising: a thirdacquiring unit that acquires information in order to decidetrustworthiness of said commercial transaction target of said commercialtransaction; and a second providing unit that provides information;wherein said storage unit stores information relating to said firstinformation processing apparatus.
 8. The information communicationterminal according to claim 7, further comprising: a fourth acquiringunit that acquires key information required to edit information; and adeleting unit that deletes information using said key information.
 9. Aninformation processing apparatus connected to a network, for managinginformation relating to a commercial transaction, comprising: a firstacquiring unit that acquires information relating to trustworthiness ofa target of said commercial transaction directly by short-range wirelesscommunication; a generating unit that generates information relating tosaid commercial transaction during product sales; a first providing unitthat provides information relating to said commercial transactiondirectly by short-range wireless communication; a storage unit thatstores information relating to said commercial transaction; a secondacquiring unit that acquires information relating to said commercialtransaction during product delivery directly by short-range wirelesscommunication; an authentication unit that authenticates informationrelating to said commercial transaction using information relating tosaid commercial transaction; and a second providing unit that providesinformation relating to said information processing apparatus forgenerating information relating to user trustworthiness, wherein thesecond acquiring unit acquires in a first acquiring process purchasinginformation of said commercial transaction from a non-contact IC card,the purchasing information includes a purchasing identifier, a paymentidentifier, and an identification number of the non-contact IC card, andthe second acquiring unit acquires in a second acquiring process theidentification number from the non-contact IC card, and wherein aone-time password is required each time the information relating to saidcommercial transaction is updated so that an illegal duplication orfalsification is prevented.
 10. An information processing method for aninformation processing apparatus connected to a network, for managinginformation relating to a commercial transaction, comprising: a firstacquisition control step of controlling the acquisition of informationrelating to trustworthiness of a target of said commercial transaction;a generating step for generating information relating to said commercialtransaction during product sales; a first providing control step forcontrolling providing of information relating to said commercialtransaction generated by said generating step process directly byshort-range wireless communication; a storage control step forcontrolling storage of information relating to said commercialtransaction generated by said generating step process; a secondacquisition control step for controlling acquisition of informationrelating to said commercial transaction during product delivery; anauthentication step for authenticating information relating to saidcommercial transaction having acquisition thereof controlled by saidsecond acquisition control step using information relating to saidcommercial transaction having storage thereof controlled by said storagecontrol step process; and a second providing control step forcontrolling providing of information for generating information relatingto user trustworthiness to authenticated by said authentication stepdirectly by short-range wireless communication, wherein the secondacquisition control step acquires in a first acquiring processpurchasing information of said commercial transaction from a non-contactIC card, the purchasing information includes a purchasing identifier, apayment identifier, and an identification number of the non-contact ICcard, and the second acquiring unit acquires in a second acquiringprocess the identification number from the non-contact IC card, andwherein a one-time password is required each time the informationrelating to said commercial transaction is updated so that an illegalduplication or falsification is prevented.
 11. A computer-readablerecording medium recorded with a computer-executable program for use byan information processing apparatus connected to a network, for managinginformation relating to a commercial transaction, comprising: a firstacquisition control step of controlling the acquisition of informationrelating to trustworthiness of said commercial transaction target; agenerating step for generating information relating to said commercialtransaction during product sales; a first providing control step forcontrolling providing of information relating to said commercialtransaction generated by said generating step process directly byshort-range wireless communication; a storage control step forcontrolling storage of information relating to said commercialtransaction generated by said generating step process; a secondacquisition control step for controlling acquisition of informationrelating to said commercial transaction during product delivery; anauthentication step for authenticating information relating to saidcommercial transaction having acquisition thereof controlled by saidsecond acquisition control step using information relating to saidcommercial transaction having storage thereof controlled by said storagecontrol step process; and a second providing control step forcontrolling providing of information relating to said informationprocessing apparatus for generating information relating to usertrustworthiness to authenticated by said authentication step directly byshort-range wireless communication, wherein the second acquisitioncontrol step acquires in a first acquiring process purchasinginformation of said commercial transaction from a non-contact IC card,the purchasing information includes a purchasing identifier, a paymentidentifier, and an identification number of the non-contact IC card, andthe second acquiring unit acquires in a second acquiring process theidentification number from the non-contact IC card, and wherein aone-time password is required each time the information relating to saidcommercial transaction is updated so that an illegal duplication orfalsification is prevented.
 12. An information processing systemconnected to a network, for managing information relating totrustworthiness of a first user of an information communication terminaland information relating to trustworthiness of a second user of anotherinformation processing apparatus, comprising: a storage unit that storesinformation relating to trustworthiness of said second user; a firstproviding unit that provides information relating to trustworthiness ofsaid second user to said information communication terminal directly byshort-range wireless communication; an acquiring unit that acquiresinformation relating to said first user from said informationcommunication terminal and information relating to a commercialtransaction directly by short-range wireless communication; an updatingunit that updates information relating to said first user andinformation relating to trustworthiness of said second user based oninformation relating to said commercial transaction; and a secondproviding unit that provides information relating to trustworthiness ofsaid first user to said information communication terminal directly byshort-range wireless communication, wherein the informationcommunication terminal further comprises a non-contact IC card thatutilizes electromagnetic induction for communication, an identificationnumber of the non-contact IC card being included in the informationrelating to the commercial transaction upon receiving a product of thecommercial transaction, and wherein the non-contact IC card storespurchasing information of said commercial transaction in a firstlocation in the non-contact IC card, the purchasing information includesa purchasing identifier, a payment identifier, and the identificationnumber of the non-contact IC cards, and the non-contact IC cards alsostores the identification number in a second location different from thefirst location in the non-contact IC card, and wherein a one-timepassword is required each time the information relating to saidcommercial transaction is updated so that an illegal duplication orfalsification is prevented.
 13. An information processing method,executed by a processor, for an information processing system connectedto a network, for managing information relating to trustworthiness of afirst user of an information communication terminal and informationrelating to trustworthiness of a second user of another informationprocessing apparatus, comprising: a storage control step of controllingstorage of information relating to trustworthiness of said second user;a first provision control step of controlling providing of informationrelating to trustworthiness of said second user directly by short-rangewireless communication, the storage thereof being controlled byprocessing of said storage control step, to said informationcommunication terminal; an acquisition control step of controllingacquisition of information relating to said first user provided by saidinformation communication terminal and information relating to acommercial transaction directly by short-range wireless communication;an updating step for updating information relating to trustworthiness ofsaid first user with the acquisition thereof controlled by theprocessing of said acquisition control step and information relating totrustworthiness of said second user with the storage thereof controlledby the processing of said storage control step based on informationrelating to said commercial transaction with acquisition thereofcontrolled by processing of said acquisition control step; and a secondprovision control step of controlling providing of information relatingto trustworthiness of said first user updated by processing of saidupdating step, to said information communication terminal directly byshort-range wireless communication, wherein the informationcommunication terminal further comprises a non-contact IC card thatutilizes electromagnetic induction for communication, an identificationnumber of the non-contact IC card being included in the informationrelating to the commercial transaction upon receiving a product of thecommercial transaction, and wherein the non-contact IC card storespurchasing information of said commercial transaction in a firstlocation in the non-contact IC card, the purchasing information includesa purchasing identifier, a payment identifier, and the identificationnumber of the non-contact IC cards, and the non-contact IC cards alsostores the identification number in a second location different from thefirst location in the non-contact IC card, and wherein a one-timepassword is required each time the information relating to saidcommercial transaction is updated so that an illegal duplication orfalsification is prevented.
 14. A recording medium recorded with acomputer-readable program for use with an information processing systemconnected to a network, for managing information relating totrustworthiness of a first user of an information communication terminaland information relating to trustworthiness of a second user of anotherinformation processing apparatus, comprising: a storage control step ofcontrolling storage of information relating to trustworthiness of saidsecond user; a first provision control step of controlling providing ofinformation relating to trustworthiness of said second user directly byshort-range wireless communication, the storage thereof being controlledby processing of said storage control step, to said informationcommunication terminal; an acquisition control step of controllingacquisition of information relating to said first user provided by saidinformation communication terminal and information relating to acommercial transaction directly by short-range wireless communication;an updating step for updating information relating to trustworthiness ofsaid first user with the acquisition thereof controlled by theprocessing of said acquisition control step and information relating totrustworthiness of said second user with the storage thereof controlledby the processing of said storage control step based on informationrelating to said commercial transaction with acquisition thereofcontrolled by processing of said acquisition control step; and a secondprovision control step of controlling providing of information relatingto trustworthiness of said first user updated by processing of saidupdating step, to said information communication terminal directly byshort-range wireless communication, wherein the informationcommunication terminal further comprises a non-contact IC card thatutilizes electromagnetic induction for communication, an identificationnumber of the non-contact IC card being included in the informationrelating to the commercial transaction upon receiving a product of thecommercial transaction, and wherein the non-contact IC card storespurchasing information of said commercial transaction in a firstlocation in the non-contact IC card, the purchasing information includesa purchasing identifier, a payment identifier, and the identificationnumber of the non-contact IC cards, and the non-contact IC cards alsostores the identification number in a second location different from thefirst location in the non-contact IC card, and wherein a one-timepassword is required each time the information relating to saidcommercial transaction is updated so that an illegal duplication orfalsification is prevented.